Operating Systems Solaris Solaris bash vulnerability update Post 302919161 by gull04 on Sunday 28th of September 2014 07:13:37 PM
Old 09-28-2014
Hi,

No, the attack does not require the attacker to have an account. They can make use of the account that is running the service that they attack through.

As an example, if you have a web server running - it would normally be run by a user. This could be "apache", "webserver" or if you are very unlucky "root".

The "shellshock" vulnerability will allow an attacker to leverage the privileges of the owner of a service to potentially gain access to some or all of a server or its data.

I have seen a large number of assaults on my estate; below are the typical things that you are seeing. So far I haven't had any serious problems; I had started patching before the first attack, so was lucky.

Code:
XXX.XXX.93.149 - - [25/Sep/2014:05:08:03 +0100] "GET /w00tw00t.at.blackhats.aaaaaa.aaaa-sec:) HTTP/1.1" 404 319 "-" "ZmEu"
XXX.XXX.93.149 - - [25/Sep/2014:05:08:03 +0100] "GET /something_here/scripts/setup.php HTTP/1.1" 404 306 "-" "ZmEu"
XXX.XX.69.74 - - [25/Sep/2014:18:53:51 +0100] "GET / HTTP/1.1" 200 2455 "() { :; }; /bin/ping -c 1 XXX.XXX.0.69" "() { :; }; /bin/ping -c 1 XXX.XXX.0.69"

As you'll probably be able to see from the above, the attempts to gain access are coming from different IP addresses; I now have lists of several hundred. The most common seem to be trying to gain access to things like MySQL databases, firewall block lists and attempts to clear them, along with access to a host of standard setup utilities.

The /bin/ping could just as easily be a "wget" or "ftp" placing malicious code or a million other things designed to make a systems admin unhappy.

Regards

Dave

Last edited by gull04; 09-28-2014 at 08:16 PM.. Reason: More info.
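
An added example, not part of gull04's post: a small scanner that flags access-log lines like the third one quoted above, where a bash function definition (`() {`) arrives in a client-controlled field. It assumes Apache's "combined" log format; the first three sample lines are the redacted ones from the post, the fourth is constructed, and the function and variable names are illustrative.

```python
import re

# Apache "combined" log line:
# host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"\s*$'
)
# Bash function-definition prefix "() {" with any spacing between the tokens.
FUNCDEF_RE = re.compile(r'\(\s*\)\s*\{')
CLIENT_FIELDS = ("request", "referer", "agent")

def find_shellshock_probes(lines):
    """Return one dict per log line whose client-controlled fields carry '() {'."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if m is None:
            # Unparsable line: still scan it whole rather than skip it silently.
            if FUNCDEF_RE.search(line):
                hits.append({"line": lineno, "host": None, "time": None,
                             "status": None, "fields": ["unparsed"]})
            continue
        fields = [f for f in CLIENT_FIELDS if FUNCDEF_RE.search(m.group(f))]
        if fields:
            # The status is what the server answered, not proof bash ran (or did not).
            hits.append({"line": lineno, "host": m.group("host"),
                         "time": m.group("time"), "status": m.group("status"),
                         "fields": fields})
    return hits

# Lines 1-3: redacted lines from the post. Line 4: constructed benign request.
SAMPLE_LOG = [
    r'XXX.XXX.93.149 - - [25/Sep/2014:05:08:03 +0100] "GET /w00tw00t.at.blackhats.aaaaaa.aaaa-sec:) HTTP/1.1" 404 319 "-" "ZmEu"',
    r'XXX.XXX.93.149 - - [25/Sep/2014:05:08:03 +0100] "GET /something_here/scripts/setup.php HTTP/1.1" 404 306 "-" "ZmEu"',
    r'XXX.XX.69.74 - - [25/Sep/2014:18:53:51 +0100] "GET / HTTP/1.1" 200 2455 "() { :; }; /bin/ping -c 1 XXX.XXX.0.69" "() { :; }; /bin/ping -c 1 XXX.XXX.0.69"',
    r'XXX.XXX.10.20 - - [25/Sep/2014:19:02:11 +0100] "GET /index.html HTTP/1.1" 200 2455 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

if __name__ == "__main__":
    for hit in find_shellshock_probes(SAMPLE_LOG):
        print(hit)
```

Only the third sample line is reported, with both the Referer and User-Agent fields flagged; the ZmEu scanner lines and the ordinary browser request pass through.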
