25th September 2014, 15:20   #61
FrancisDrakeZ
...
Join Date: Oct 2011
Location: in deep seas
Posts: 992
Quote:
Originally Posted by Lihid Zoil
Yes, but they still have to log in to the machine, right? Is it risky only for those who have SSH open to the public, or also for those who only have the HTTPS port or port 80 open?

The latter.
__________________
---
25th September 2014, 15:20   #62
trepz
Registered User
Join Date: May 2008
Posts: 1,300
Quote:
Originally Posted by Lihid Zoil
Yes, but they still have to log in to the machine, right? Is it risky only for those who have SSH open to the public, or also for those who only have the HTTPS port or port 80 open?

If you have CGI stuff running on the web server, you're vulnerable that way too. Moar info: www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
__________________
My name is legion, for we are many
25th September 2014, 15:21   #63
FrancisDrakeZ
...
Join Date: Oct 2011
Location: in deep seas
Posts: 992
Quote:
Originally Posted by YoShi
So once they've fixed the problem, we'll have to change our passwords on everything yet again?

Unless you're sure nobody has exploited it... it would be wise.
__________________
---
25th September 2014, 15:23   #64
Goran
The Wizard
Join Date: Jan 2000
Location: [email protected]:/home/Milano
Posts: 31,346
This thing just came through on my server:

Code:
[25/Sep/2014:02:20:36 +0200] "GET / HTTP/1.0" 200 453 "() { :; }; ping -c 11 209.126.230.74" "shellshock-scan (http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html)"

http://blog.erratasec.com/2014/09/ba...l#.VCQIyit_s58

We've even got the white hats in action.
__________________
Goran - forum admin
Obsessed, Ykes, Araphao On WoW | =FC= Goran On Unreal Tournament
flickr | 5∞ px | twitter | google+

Last edited by Goran; 25th September 2014 at 15:24.
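A sketch of how an access log can be searched for entries like the one Goran posted, where the bash function-definition prefix arrives in a request header rather than over SSH (the CGI exposure trepz mentions). This is an added example, not code from any poster in the thread; the log layout is assumed to match the posted line, and every sample line except the first is constructed.

```python
import re

QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')      # request, referer, user-agent
FUNC_DEF = re.compile(r'\(\s*\)\s*\{')            # "() {" with optional spacing
STAMP = re.compile(r'\[([^\]]+)\]')
STATUS = re.compile(r'"\s+(\d{3})\s')
FIELDS = ("request", "referer", "user-agent")

# First line is the entry quoted in the post above; the others are constructed.
SAMPLE_LOG = [
    '[25/Sep/2014:02:20:36 +0200] "GET / HTTP/1.0" 200 453 "() { :; }; ping -c 11 209.126.230.74" "shellshock-scan (http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html)"',
    '[25/Sep/2014:02:21:10 +0200] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '[25/Sep/2014:02:22:05 +0200] "GET /cgi-bin/status HTTP/1.1" 404 210 "-" "monitor() client/1.0"',
]


def find_probes(lines):
    """Return one record per quoted log field containing a function-definition prefix."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        stamp = STAMP.search(line)
        status = STATUS.search(line)
        for name, value in zip(FIELDS, QUOTED.findall(line)):
            if FUNC_DEF.search(value):
                hits.append({
                    "line": lineno,
                    "time": stamp.group(1) if stamp else None,
                    "field": name,
                    # 200 only means the page was served, not that bash ran anything.
                    "status": int(status.group(1)) if status else None,
                    "value": value,
                })
    return hits


if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(f'{hit["time"]} line {hit["line"]} {hit["field"]}: {hit["value"]}')
```

A hit shows that a probe reached the web server; whether anything executed depends on the request being handed to a bash-backed CGI handler, which the log line alone does not show.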
25th September 2014, 15:23   #65
Drunkenduck
The good wine is the dark one
Join Date: Jun 2010
Location: Susegana (TV)
Posts: 24,924
Damn, this one is powerful.
25th September 2014, 15:23   #66
Goran
The Wizard
Join Date: Jan 2000
Location: [email protected]:/home/Milano
Posts: 31,346
Quote:
Originally Posted by =Phoenix=
Ubuntu 14.04.1 LTS here, vulnerable. I've patched but I still have to reboot (and I can't for 2 hours).

happy days

No need to reboot.
__________________
Goran - forum admin
Obsessed, Ykes, Araphao On WoW | =FC= Goran On Unreal Tournament
flickr | 5∞ px | twitter | google+
25th September 2014, 15:24   #67
trepz
Registered User
Join Date: May 2008
Posts: 1,300
Quote:
Originally Posted by Goran
This thing just came through on my server:

Code:
[25/Sep/2014:02:20:36 +0200] "GET / HTTP/1.0" 200 453 "() { :; }; ping -c 11 209.126.230.74" "shellshock-scan (http://blog.erratasec.com/2014/09/bash-shellshock-scan-of-internet.html)"
http://blog.erratasec.com/2014/09/ba...l#.VCQIyit_s58

We've even got the white hats in action.

Some people are speculating about the possibility of using the exploit to patch machines remotely.
__________________
My name is legion, for we are many
25th September 2014, 15:25   #68
=Phoenix=
SQHELL
Join Date: Feb 2003
Location: Dublin
Posts: 11,495
Quote:
Originally Posted by Goran
No need to reboot.

After the patch it's still vulnerable, apparently. The article suggests a reboot; otherwise I can't explain it.
__________________
NES 2.0 - Vintage HTPC mod
25th September 2014, 15:26   #69
FrancisDrakeZ
...
Join Date: Oct 2011
Location: in deep seas
Posts: 992
Quote:
Originally Posted by trepz
Some people are speculating about the possibility of using the exploit to patch machines remotely.

With great power comes great responsibility.
__________________
---
25th September 2014, 15:26   #70
Massimo [Fea]
Now playing
Join Date: Jun 2002
Location: from 20 to 20000 Hz
Posts: 4,470
So they use the exploit to fix the bug on the system?

Cool!

So it just depends on who gets there first.
25th September 2014, 15:27   #71
joyrex
triggering
Quote:
Originally Posted by =Phoenix=
After the patch it's still vulnerable, apparently. The article suggests a reboot; otherwise I can't explain it.

A reboot makes no sense, because the exploit is executed in an ENV invoked on the spot, and if you've patched bash the env invoked is the patched one; ergo the reboot is completely useless.


Quite apart from the fact that the current patch doesn't cover the bug.
__________________
>>
We are the music makers, And we are the dreamers of dreams,
Wandering by lone sea-breakers, And sitting by desolate times;—
25th September 2014, 15:27   #72
Goran
The Wizard
Join Date: Jan 2000
Location: [email protected]:/home/Milano
Posts: 31,346
Quote:
Originally Posted by =Phoenix=
After the patch it's still vulnerable, apparently. The article suggests a reboot; otherwise I can't explain it.

It remains vulnerable because the patch is incomplete.

But you don't need to reboot to replace bash.
__________________
Goran - forum admin
Obsessed, Ykes, Araphao On WoW | =FC= Goran On Unreal Tournament
flickr | 5∞ px | twitter | google+
25th September 2014, 15:28   #73
=Phoenix=
SQHELL
Join Date: Feb 2003
Location: Dublin
Posts: 11,495
Ah OK, perfect... so a bogus patch, great.
__________________
NES 2.0 - Vintage HTPC mod
25th September 2014, 15:28   #74
N3uro
nomen omen
Join Date: Oct 2002
Location: Aalborg, DK
Posts: 12,386
I'm off to change my underwear.
__________________
Despair is when you’re debugging a kernel driver and you look at a memory dump and you see that a pointer has a value of 7.
Research is driving your successor CRAZY because you DOCUMENT NOTHING
I HAVE NO TOOLS BECAUSE I’VE DESTROYED MY TOOLS WITH MY TOOLS
25th September 2014, 15:30   #75
joyrex
triggering
Quote:
Originally Posted by =Phoenix=
Ah OK, perfect... so a bogus patch, great.

It's not bogus, it's simply a temporary fix that was bypassed in a short time.

The classic game of cat chasing mouse.
__________________
>>
We are the music makers, And we are the dreamers of dreams,
Wandering by lone sea-breakers, And sitting by desolate times;—
All times are GMT +2.