From: Demetrius Tsitrelis
To: "dev@cloudstack.apache.org"
Subject: RE: Shellshock
Date: Tue, 30 Sep 2014 18:42:03 +0000

When I do "echo $SHELL" on the Virtual Router instance I see "/bin/bash".

-----Original Message-----
From: Go Chiba [mailto:go.chiba@gmail.com]
Sent: Tuesday, September 30, 2014 8:38 AM
To: dev@cloudstack.apache.org
Subject: Re: Shellshock

Hi folks,

By my digging, ipcalc included system() function call but debian based our system vm are using dash as system shell. So I think this shellshock concern are not directly affected to system vm cgi-bin. right?

GO

from my iPhone

On 2014/09/30 10:13, Demetrius Tsitrelis wrote:

> http://systemvm-public-ip/cgi-bin/ipcalc is a perl script.
>
> -----Original Message-----
> From: Sheng Yang [mailto:sheng@yasker.org]
> Sent: Monday, September 29, 2014 5:21 PM
> To:
> Subject: Re: Shellshock
>
> http://systemvm-public-ip/cgi-bin/ipcalc is NOT a bash script, so it's normal that it cannot be exploited.
>
> --Sheng
>
>> On Fri, Sep 26, 2014 at 1:57 PM, Demetrius Tsitrelis <Demetrius.Tsitrelis@citrix.com> wrote:
>>
>> Do you mean you tried setting the USER_AGENT like in
>> https://community.qualys.com/blogs/securitylabs/2014/09/25/qualysguard-remote-detection-for-bash-shellshock
>> ?
>>
>>
>> -----Original Message-----
>> From: Ian Duffy [mailto:ian@ianduffy.ie]
>> Sent: Friday, September 26, 2014 6:56 AM
>> To: CloudStack Dev
>> Subject: Re: Shellshock
>>
>> Tried this against the latest system vms built on Jenkins.
>>
>> Didn't get a successful exploited response. Tested against
>> http://systemvm-public-ip/cgi-bin/ipcalc
>>> On 25 Sep 2014 16:56, "Abhinandan Prateek" wrote:
>>>
>>>
>>> After heart bleed we are Shell shocked
>>> http://www.bbc.com/news/technology-29361794 !
>>> It may not affect cloudstack directly as it is a vulnerability that
>>> affects bash, and allows the attacker to take control of the system
>>> running bash shell.
>>>
>>> -abhi
>>
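
The thread turns on two facts about the system VM: which interpreter each CGI program names, and which shell sits behind /bin/sh when such a program shells out. As an added example that is not part of the original messages, this POSIX shell script reports both for a CGI directory; the function names and the default path /usr/lib/cgi-bin are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names are hypothetical.

# Print the interpreter named on a script's "#!" line ("#!/usr/bin/env perl"
# gives "perl"); print "none" when the file has no such line.
shebang_interp() {
    first=
    IFS= read -r first < "$1" || :
    case "$first" in
        '#!'*) ;;
        *) echo none; return 0 ;;
    esac
    set -f                      # no globbing while the line is split into words
    set -- ${first#??}          # words after "#!"
    set +f
    [ "$(basename -- "${1:-none}")" = env ] && shift
    basename -- "${1:-none}"
}

# Name the program behind /bin/sh. system() in C, and Perl's system() when the
# command string needs a shell, run "/bin/sh -c ..."; $SHELL only reports the
# login shell of the current user.
sh_target() {
    basename -- "$(readlink -f "${1:-/bin/sh}")"
}

# One line per file: name, interpreter, and where bash can enter the picture.
audit_cgi_dir() {
    dir=$1
    sh_kind=$(sh_target "${2:-/bin/sh}")
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        interp=$(shebang_interp "$f")
        case "$interp" in
            bash) note="bash is the interpreter" ;;
            sh)   note="interpreter is /bin/sh -> $sh_kind" ;;
            none) note="no shebang line" ;;
            *)    note="shell-outs go to /bin/sh -> $sh_kind" ;;
        esac
        printf '%s\t%s\t%s\n' "$(basename -- "$f")" "$interp" "$note"
    done
}

# /usr/lib/cgi-bin is an assumed default; pass the real CGI directory instead.
audit_cgi_dir "${1:-/usr/lib/cgi-bin}"
printf 'login shell (SHELL): %s\n/bin/sh resolves to: %s\n' "${SHELL:-unset}" "$(sh_target)"
```

A Perl CGI program reported with `/bin/sh -> dash` matches the situation Go Chiba describes; the same program on a host where /bin/sh resolves to bash would hand its shell-outs to bash.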