cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Demetrius Tsitrelis <Demetrius.Tsitre...@citrix.com>
Subject RE: Shellshock
Date Fri, 26 Sep 2014 20:57:47 GMT
Do you mean you tried setting the USER_AGENT like in https://community.qualys.com/blogs/securitylabs/2014/09/25/qualysguard-remote-detection-for-bash-shellshock?


-----Original Message-----
From: Ian Duffy [mailto:ian@ianduffy.ie] 
Sent: Friday, September 26, 2014 6:56 AM
To: CloudStack Dev
Subject: Re: Shellshock

Tried this against the latest system vms built on Jenkins.

Didn't get a successful exploited response. Tested against http://systemvm
- public-ip/cgi-bin/ipcalc
On 25 Sep 2014 16:56, "Abhinandan Prateek" <agneya2001@gmail.com> wrote:

>
> After heart bleed we are Shell shocked
> http://www.bbc.com/news/technology-29361794 !
> It may not affect cloudstack directly as it is a vulnerability that 
> affects bash, and allows the attacker to take control of the system 
> running bash shell.
>
> -abhi
Mime
View raw message