Re: [SECURITY] [DSA 3032-1] bash security update
On Thu, 25 Sep 2014, Jan Wagner wrote:
> is there still work on CVE-2014-7169, as the fix for CVE-2014-6271
> seems incomplete?
Work on that is ongoing, AFAIK.
AFAIK, exploits for CVE-2014-7169 are already public (one certainly worked
here, with the CVE-2014-6271 patch applied), and there are reports of
ongoing scans (and possibly attacks) for CVE-2014-6271 since at least 12
hours ago. I didn't see anything about ongoing scans for CVE-2014-7169 yet.
Some of those scans are benign (origin are well known white-hats), some are
I suggest everyone to do a spring cleanup in the login shells for system
accounts, and to deploy mitigation.
BTW: sudo is a viable local attack vector for this vulnerability.
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot