CVE-2014-6271 – TorryCrass.com

Scripting

Log Parsing Script for Shell Shock

The released script will take a given log directory, normally your website log directory, and search it for attempts to exploit the server using the recently released GNU Bourne Again Shell (bash) vulnerability also known as Shell Shock. Once it identifies these entries, it will output them into a separate Read more…

By Torry Crass, 11 years ago

Security

Bash and Shell Shock Today, The Good, But Mostly Just Bad

A few days ago I posted about a nasty vulnerability pertaining to GNU Bourne Again Shell, otherwise known as bash, The vulnerabilities still exist in unpatched systems and the scope of what could be affected is still expanding. The good news is a few vendors have provided updates clarifying that Read more…

By Torry Crass, 11 years11 years ago

Security

Holey Bash Batman! No Really, It Has Holes (CVE-2014-6271)

UPDATED: 09/26/2014 – 01:14 EST – Added vulnerability validation code This exploit may have bigger holes than even the Bat Cave. CVE-2014-6271 (Credit to Stephane Chazelas for discovery) was publicly announced yesterday, September, 24th and some articles are already calling this bug a larger security hole than the recent Heartbleed SSL Read more…

By Torry Crass, 11 years11 years ago