This Metasploit module exploits the code injection flaw known as Shellshock, which leverages specially crafted environment variables in Bash. This exploit specifically targets Pure-FTPd when configured to use an external program for authentication.
d1353f15ae7ed9aea8cd6b1644f5fbeada6291338684996bc3b3a388a0f3b2ec
XShock is a Python script that exploits the recent bash vulnerability. It includes four reverse shells that can be used during the attack.
1a8bd993f5c64870806410d5fe62dac2cabbf441a4227dac519d0b5a72ebef22
This is information regarding more bash vulnerabilities and how the original bash patches are ineffective.
9bef4f643cbc941c231d0995aa7df24f7322c03118f4cd7d60f56a5e05ccb428
VMware Security Advisory 2014-0010 - VMware product updates address Bash security vulnerabilities.
35f6ed13d7102c88ca22ea6b869c28a45351e9ff87730aeeba642d5f37e08c62
HP Security Bulletin HPSBHF03119 - A potential security vulnerability has been identified with HP DreamColor Display running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. NOTE: Only the Z27x model is vulnerable. Revision 1 of this advisory.
da9257ca6c57b23fa4805ff297044e25f462fa8dde75c23bf8abded80b03f407
HP Security Bulletin HPSBGN03117 - A potential security vulnerability has been identified with HP Remote Device Access: Virtual Customer Access System (vCAS) running Bash Shell. This is the Bash Shell vulnerability known as "ShellShock" which could be exploited remotely to allow execution of code. NOTE: The vCAS product is vulnerable only if DHCP is enabled. Revision 1 of this advisory.
477153bb7561e72d2c4aa3bcf37dc3af2ca5f1778cd8673085ac6be3db145009
IPFire versions 2.15 and below core 82 authenticated CGI remote command injection exploit that leverages the bash vulnerability.
012683f158b1fbd6670d51a9c56bc769954678884f249efc8a122651350705c8
ExploitPack GNU Bash versions 4.3 and below command injection exploit that leverages the User-Agent header against a given website.
142c835b75cbe04a6ca350ec7bb8fea228669c18def84dd5d24a93513e005852
When bash is started with an environment variable that begins with the string "() {", that variable is treated as a function definition and parsed as code. If extra commands are added after the function definition, they will be executed immediately. When dhclient receives an ACK that contains a domain name or hostname, they are passed to configuration scripts as environment variables, allowing us to trigger the bash bug. Because of the length restrictions and unusual networking scenario at time of exploitation, this Metasploit module achieves code execution by echoing our payload into /etc/crontab and cleans it up when we get a shell.
5d7d7b3c51f3ee9f6de8df21a01a41ce128a74b5cdd4be3f7d65a7357f36ed1e
This Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting Apache mod_cgi scripts through the HTTP_USER_AGENT variable.
bddccc35d3cda611c86307a7ce0074fc7d74f100f9a6dea0b6e39a478138e054
This Metasploit module exploits a code injection in specially crafted environment variables in Bash, specifically targeting dhclient network configuration scripts through the HOSTNAME, DOMAINNAME, and URL DHCP options.
79d7a8dc657f6596bbdf6d89daca73b5c6faa99cc6ea47bed9be15fb8d04a23a
GNU Bash versions 4.3 and below remote command injection exploit that leverages the REFERER header on vulnerable CGI scripts. Launches a connect-back shell. Written in Perl.
19dfcfb3d85be26b41d2f9316ffaebf7de4fe7c3b8fd4d6b1cf6a55a6f1ba395
GNU Bash versions 4.3 and below remote command injection exploit that leverages the User-Agent header via vulnerable CGI scripts. Written in Python.
057996be27a48a42909a085ad63607f515c2c4f7a1da1dc7eddd802689cd126c
This abuses the bug in bash environment variables (CVE-2014-6271) to get a suid binary inside of VMware Fusion to launch our payload as root.
f04f53cef923e1ebad417dccfb1f6d01ee754b3ddac0ef16fcb609fa3f055392
bashedCgi is a quick and dirty Metasploit module to send the BASH exploit payload (CVE-2014-6271) to CGI scripts that are BASH-based or invoke BASH, to execute an arbitrary shell command.
917183304ff31e505f18d434fcc284d5fe270c928e0cc5e96231c14eabb1aae3
Debian Linux Security Advisory 3032-1 - Stephane Chazelas discovered a vulnerability in bash, the GNU Bourne-Again Shell, related to how environment variables are processed. In many common configurations, this vulnerability is exploitable over the network, especially if bash has been configured as the system shell.
7d7ff0314912c76766865251c1493b2d34d061b327ed6f9d10226a30e97312dd
Slackware Security Advisory - New bash packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, and -current to fix a security issue.
3d7981c8975006f49b5ad19b36029267c1636583968e19f0348fe0f6d92b8448
Mandriva Linux Security Advisory 2014-186 - A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
dd22cfcf0af7e59f09c6b9d501bda0a7b9030bdd6dc16f7d18f439d3bc864382
Due to a processing issue with environment variables, it is possible to leverage bash for command execution through various methodologies.
10416de1b992e9a1adc732bd402d4760e0a76f5de17bf16ba8456967dcec154b
Bash specially-crafted environment variable code injection proof of concept exploit that inserts the malicious payload into a User-Agent header and looks for a 500 response on a web server.
1273ee8212b97a8ecaf568588e84bc96f969eba4ff5386e89d28e7453e106454
Gentoo Linux Security Advisory 201409-9 - A parsing flaw related to functions and environments in Bash could allow attackers to inject code. Versions less than 4.2_p48 are affected.
8551811d553ddfdec75a15ba67cdecb9c82f0b7c97bfce099ffa5852dc723278
Ubuntu Security Notice 2362-1 - Stephane Chazelas discovered that Bash incorrectly handled trailing code in function definitions. An attacker could use this issue to bypass environment restrictions, such as SSH forced command environments.
38879f99144687f30726884eb5642eea192bbd07a6ce0db592a56ffdc7e29b5b
Red Hat Security Advisory 2014-1294-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
367558e0af4bea38e2153ee9ee9c6ce9ff57eb72553269ce1c96319107027e35
Red Hat Security Advisory 2014-1295-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. Shift_JIS, also known as "SJIS", is a character encoding for the Japanese language. This package provides bash support for the Shift_JIS encoding. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
0ab1587f987ce692a6ed8a870be5c168ea32c5c83293ed22e852410b266a93f8
Red Hat Security Advisory 2014-1293-01 - The GNU Bourne Again shell is a shell and command language interpreter compatible with the Bourne shell. Bash is the default shell for Red Hat Enterprise Linux. A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
11602d72b531b9a3376befaf2f40d6b9bc9bb40b1d354a5986c1541d7c56f5cd