lilprinze: h

victorazy:

Are we learning ABCD?

victorazy:

Is that the size of ur brain?

merieam16: tankz buh wz dat d explainatn

otijah: @op I swear u didn't even und what you posted, neigther do I, but all am saying iS no bash or born again Shell weapon formed against NL Shall prosper. Say amen by clicking like

ikp4succes: how am i not sure that command will not bring d virus lol

Billyonaire: The Cross-site scripting (XSS) vulnerability has been on for a while now and has been used to bypass access controls to inject malicious scripts to servers. The malicious scripts can be used to do a lot of harm to the server even for use of botnets etc.

Solution is to scan your server for the vul and patch the shit. That's it.

pat077: i rep team #microsoft.

otijah: @op I swear u didn't even und what you posted, neigther do I, but all am saying iS no bash or born again Shell weapon formed against NL Shall prosper. Say amen by clicking like

DonaldGenes:

Microsoft OS is not always secured, do you know I can remotely shut down your system if I know your IP address?

Have you seen that simple CMD promt code before?
C:\shutdown /i

DonaldGenes: Wow! How come? However, iKnow Linux OS hardly get crack into and for years no Known virus Attack has been seen because of its excellent security features
Let me run the script on my Linux OS



Oh boy, ehh ,shiiiiiiit mehn

Some people have called this vulnerability, "worse than Heartbleed" and that is saying something but based on my understanding of the bug, the discussions on the bug-bash mailing list and experience as a user of GNU/Linux, I'd say this statement is very true. Shellshock is capable of much more than Heartbleed.

To give you an idea of how bad this is:
CERT/NIST reveal level 10 bash alert today, 24 September 2014
A level 10 alert for this bug, that has to get your heart pumping.

merieam16: Wat er dis 1ce sayin ,sumbori pls explain

ITbomb:
Guy you no fit, shutting down a private ip address node needs more than that

victorazy:

Is that the size of ur brain?

DonaldGenes:


In Bash, You can Literally define an environment variable which is a function.. You get it now? Lol

proof-of-concept of this attack:
$ env x='() { :;}; echo vulnerable'  bash -c "echo this is a test


Ask your boyfriend to show you what that means

Enouwem: [img]http://1.bp..com/-VQ8KDBhjMDM/VCPBgN-AVvI/AAAAAAAAgd8/TLel5x_Xmeo/s728/bash-shellshock.png[/img]

A Critical remotely exploitable vulnerability has been discovered in the
widely used Linux and Unix command-line
shell, known as Bash , aka the GNU
Bourne Again Shell, leaving countless
websites, servers, PCs, OS X Macs, various
home routers, and many more open to the
cyber criminals.
Earlier today, Stephane Chazelas publicly
disclosed the technical details of the
remote code execution vulnerability in
Bash which affects most of the Linux
distributions and servers worldwide.
REMOTELY EXPLOITABLE SHELLSHOCK
The vulnerability (CVE-2014-6271)
affects versions 1.14 through 4.3 of GNU
Bash and being named as Bash Bug, and
Shellshock by the Security researchers on
the Internet discussions.
According to the technical details, a
hacker could exploit this bash bug to
execute shell commands remotely on a
target machine using specifically crafted
variables. “In many common
configurations, this vulnerability is
exploitable over the network, ” Stephane
said.
This 22-year-old vulnerability stems from
the way bash handles specially-formatted
environment variables, namely exported
shell functions. When assigning a function
to a variable, trailing code in the function
definition will be executed.
BASH BUG AFFECTS MILLIONS OF
SYSTEMS
While bash is not directly used by remote
users, but it is a common shell for
evaluating and executing commands from
other programs, such as web server or the
mail server. So if an application calls the
Bash shell command via web HTTP or a
Common-Gateway Interface (CGI) in a
way that allows a user to insert data, the
web server could be hacked.
In Simple words, If Bash has been
configured as the default system shell, an
attacker could launch malicious code on
the server just by sending a specially
crafted malicious web request by setting
headers in a web request, or by setting
weird mime types. Proof-of-concept code
for cgi-bin reverse shell has been posted
on the Internet.
Similar attacks are possible via
OpenSSH, “We have also verified
that this vulnerability is exposed in
ssh—but only to authenticated
sessions. Web applications like cgi-
scripts may be vulnerable based on
a number of factors; including
calling other applications through a
shell, or evaluating sections of code
through a shell.” Stephane warned.
But if an attacker does not have an
SSH account this exploit would not
work.
This is a serious risk to Internet
infrastructure, just like Heartbleed bug,
because Linux not only runs the majority
of the servers but also large number of
embedded devices, including Mac OS X
laptops and Android devices are also
running the vulnerable version of bash
Software. NIST vulnerability database has
rated this vulnerability “10 out of 10” in
terms of severity.
HOW TO CHECK FOR VULNERABLE
SHELL
To determine if a Linux or Unix system is
vulnerable, run the following command
lines in your linux shell:
env X="() { :;} ; echo
shellshock" /bin/sh -c "echo
completed"
env X="() { :;} ; echo shellshock"
`which bash` -c "echo
completed"
If you see the words "shellshock" in the
output, errrrr… then you are at risk.
BASH BUG PATCH
You are recommended to disable any CGI
scripts that call on the shell, but it does
not fully mitigate the vulnerability. Many
of the major operating system and Linux
distribution vendors have released the
new bash software versions today,
including:
Red Hat Enterprise Linux (versions 4
through 7) and the Fedora distribution
CentOS (versions 5 through 7)
Ubuntu 10.04 LTS, 12.04 LTS, and
14.04 LTS
Debian
If your system is vulnerable to bash bug,
then you are highly recommended to
upgrade your bash software package as
soon as possible.
Source: http://thehackernews.com/2014/09/bash-shell-vulnerability-shellshock.html?m=1

otijah: @op I swear u didn't even und what you posted, neigther do I, but all am saying iS no bash or born again Shell weapon formed against NL Shall prosper. Say amen by clicking like