cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Demetrius Tsitrelis <Demetrius.Tsitre...@citrix.com>
Subject RE: Shellshock
Date Tue, 30 Sep 2014 01:13:01 GMT
http://systemvm-public-ip/cgi-bin/ipcalc is a perl script.

-----Original Message-----
From: Sheng Yang [mailto:sheng@yasker.org] 
Sent: Monday, September 29, 2014 5:21 PM
To: <dev@cloudstack.apache.org>
Subject: Re: Shellshock

http://systemvm-public-ip/cgi-bin/ipcalc is NOT a bash script, so it's normal that it cannot
be exploited.

--Sheng

On Fri, Sep 26, 2014 at 1:57 PM, Demetrius Tsitrelis < Demetrius.Tsitrelis@citrix.com>
wrote:

> Do you mean you tried setting the USER_AGENT like in 
> https://community.qualys.com/blogs/securitylabs/2014/09/25/qualysguard
> -remote-detection-for-bash-shellshock
> ?
>
>
> -----Original Message-----
> From: Ian Duffy [mailto:ian@ianduffy.ie]
> Sent: Friday, September 26, 2014 6:56 AM
> To: CloudStack Dev
> Subject: Re: Shellshock
>
> Tried this against the latest system vms built on Jenkins.
>
> Didn't get a successful exploited response. Tested against 
> http://systemvm
> - public-ip/cgi-bin/ipcalc
> On 25 Sep 2014 16:56, "Abhinandan Prateek" <agneya2001@gmail.com> wrote:
>
> >
> > After heart bleed we are Shell shocked
> > http://www.bbc.com/news/technology-29361794 !
> > It may not affect cloudstack directly as it is a vulnerability that 
> > affects bash, and allows the attacker to take control of the system 
> > running bash shell.
> >
> > -abhi
>
Mime
View raw message