Snort mailing list archives
Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org
From: Teo En Ming <singapore.mr.teo.en.ming () gmail com>
Date: Fri, 26 Sep 2014 05:58:38 +0800
Dear Snort users,I have just tested my server for the Shell Shocked GNU Bash remote exploit security vulnerability by executing the following command on my BASH shell.
|$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" The output is: ||bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test| My server is NOT vulnerable to the Shellshock security vulnerability. My GNU BASH is version 4.1.2-15. I can sleep easy tonight knowing that my server is secure. I don't need to patch GNU BASH on my server any more. Last time I had to patch my RHEL 7 server for the OpenSSL heartbleed vulnerability. My Snort NIDS is on standby waiting for people to scan my Apache web server for the Shellshock remote exploit vulnerability. Reference Article:Shell shock: what you need to do NOW about the bash remote exploit vulnerability <https://forum.bytemark.co.uk/t/shell-shock-what-you-need-to-do-now-about-the-bash-remote-exploit-vulnerability/2068> URL: https://forum.bytemark.co.uk/t/shell-shock-what-you-need-to-do-now-about-the-bash-remote-exploit-vulnerability/2068 -- Yours sincerely, Teo En Ming Singapore On 26/09/2014 05:33, Teo En Ming wrote:
Thank you Joel Esler.I have found the Shell Shocked security vulnerability detection rules in the latest Snort community rules. There are a total of 4 shellshock security vulnerability detection rules.My Snort Intrusion Detection System (IDS) is now ready and on standby.I am worried that my server is high risk to the shellshock security vulnerability. My software vendor has not announced the release of patches to GNU BASH and I cannot patch the server through the normal way "yum update". Doing a "yum update" will update all the software packages on the server and will likely break a lot of things running on the server.I don't want worms to get past my firewall and hackers to take over my server. I am worried about my Apache HTTP server with its CGI scripts.What can I do since the GNU bash patches are incomplete and my software vendor hasn't released the shellshock patches?
------------------------------------------------------------------------------ Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer http://pubads.g.doubleclick.net/gampad/clk?id=154622311&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Teo En Ming (Sep 25)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Joel Esler (jesler) (Sep 25)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Teo En Ming (Sep 25)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Teo En Ming (Sep 25)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Teo En Ming (Sep 25)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Jeremy Hoel (Sep 25)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Teo En Ming (Sep 26)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Joel Esler (jesler) (Sep 26)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Teo En Ming (Sep 26)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Joel Esler (jesler) (Sep 26)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Teo En Ming (Sep 25)
- Re: I cannot find the shellshock bug detection rule in the latest community rules from https://www.snort.org Joel Esler (jesler) (Sep 25)