http://systemvm-public-ip/cgi-bin/ipcalc is NOT a bash script, so it's normal that it cannot be exploited.
--Sheng On Fri, Sep 26, 2014 at 1:57 PM, Demetrius Tsitrelis < demetrius.tsitre...@citrix.com> wrote: > Do you mean you tried setting the USER_AGENT like in > https://community.qualys.com/blogs/securitylabs/2014/09/25/qualysguard-remote-detection-for-bash-shellshock > ? > > > -----Original Message----- > From: Ian Duffy [mailto:i...@ianduffy.ie] > Sent: Friday, September 26, 2014 6:56 AM > To: CloudStack Dev > Subject: Re: Shellshock > > Tried this against the latest system vms built on Jenkins. > > Didn't get a successful exploited response. Tested against http://systemvm > - public-ip/cgi-bin/ipcalc > On 25 Sep 2014 16:56, "Abhinandan Prateek" <agneya2...@gmail.com> wrote: > > > > > After heart bleed we are Shell shocked > > http://www.bbc.com/news/technology-29361794 ! > > It may not affect cloudstack directly as it is a vulnerability that > > affects bash, and allows the attacker to take control of the system > > running bash shell. > > > > -abhi >