oss-sec mailing list archives

Re: CVE-2014-6271: remote code execution through bash

From: Riot <rain.backnet () gmail com>
Date: Fri, 26 Sep 2014 17:03:35 +0100

For anyone running Fail2ban, here is a simple filter to detect this attack
with Apache:

https://github.com/slowriot/fail2ban/blob/master/config/filter.d/apache-shellshock.conf

Current thread:

Re: CVE-2014-6271: remote code execution through bash, (continued)
- - - Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 25)
    - Message not available
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
    - Re: CVE-2014-6271: remote code execution through bash Alexandre Dulaunoy (Sep 25)
    - Re: CVE-2014-6271: remote code execution through bash Larry W. Cashdollar (Sep 25)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
    - Re: CVE-2014-6271: remote code execution through bash Dwayne Litzenberger (Sep 26)
    - Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 26)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 26)
  - Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 24)
  - Re: CVE-2014-6271: remote code execution through bash cve-assign (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Riot (Sep 26)
- Fwd: CVE-2014-6271: remote code execution through bash Gennady Kupava (Sep 26)