We may use the below scanner to identify this vulnerability. One of our 
ex-colleagues has written it; it's a remote network scanner and is available as 
a free download.

http://blog.crowdstrike.com/crowdstrike-shellshock-scanner/

Seems configurable with custom paths. Please check the note at the end.

Regards,
Santhosh
________________________________________
From: Demetrius Tsitrelis [[email protected]]
Sent: Wednesday, October 01, 2014 1:59 PM
To: <[email protected]>
Subject: RE: Shellshock

Actually, I am not sure.  Only the env.cgi script is loaded and, while the 
other scripts are in perl, there is nothing in the video which shows the source 
for the env.cgi script so it may not be perl.

-----Original Message-----
From: Demetrius Tsitrelis [mailto:[email protected]]
Sent: Wednesday, October 01, 2014 10:52 AM
To: <[email protected]>
Subject: RE: Shellshock

Interestingly, this video shows an attack against a perl script...
https://www.youtube.com/watch?v=ArEOVHQu9nk

-----Original Message-----
From: Demetrius Tsitrelis [mailto:[email protected]]
Sent: Monday, September 29, 2014 6:13 PM
To: <[email protected]>
Subject: RE: Shellshock

http://systemvm-public-ip/cgi-bin/ipcalc is a perl script.

-----Original Message-----
From: Sheng Yang [mailto:[email protected]]
Sent: Monday, September 29, 2014 5:21 PM
To: <[email protected]>
Subject: Re: Shellshock

http://systemvm-public-ip/cgi-bin/ipcalc is NOT a bash script, so it's normal 
that it cannot be exploited.

--Sheng

On Fri, Sep 26, 2014 at 1:57 PM, Demetrius Tsitrelis <[email protected]> wrote:

> Do you mean you tried setting the USER_AGENT like in
> https://community.qualys.com/blogs/securitylabs/2014/09/25/qualysguard-remote-detection-for-bash-shellshock
> ?
>
>
> -----Original Message-----
> From: Ian Duffy [mailto:[email protected]]
> Sent: Friday, September 26, 2014 6:56 AM
> To: CloudStack Dev
> Subject: Re: Shellshock
>
> Tried this against the latest system vms built on Jenkins.
>
> Didn't get a successful exploited response. Tested against
> http://systemvm-public-ip/cgi-bin/ipcalc
> On 25 Sep 2014 16:56, "Abhinandan Prateek" <[email protected]> wrote:
>
> >
> > After heart bleed we are Shell shocked
> > http://www.bbc.com/news/technology-29361794 !
> > It may not affect cloudstack directly as it is a vulnerability that
> > affects bash, and allows the attacker to take control of the system
> > running bash shell.
> >
> > -abhi
>

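An added illustration, not part of the thread and not CloudStack code: remote checks like the ones mentioned above place a bash function-definition prefix in request headers such as User-Agent, so the web server's access log shows who probed which CGI path. The Apache combined log format, the name `find_probes` and the sample lines are assumptions constructed for this example.

```python
import re

# Apache "combined" log line: client, timestamp, request, status, size,
# Referer, User-Agent. Quoted fields may contain backslash-escaped quotes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' \d{3} \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)
# An exported bash function reaches the environment as a value starting with
# "() {". Scanners vary the spacing, so tolerate whitespace between the tokens.
FUNC_PREFIX = re.compile(r'\(\s*\)\s*\{')

# Constructed sample lines (documentation IP ranges, payload bodies elided).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Sep/2014:13:50:01 +0000] '
    '"GET /cgi-bin/ipcalc HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [26/Sep/2014:13:56:12 +0000] '
    '"GET /cgi-bin/ipcalc HTTP/1.1" 200 512 "-" "() { :; }; <elided>"',
    '198.51.100.7 - - [26/Sep/2014:13:56:13 +0000] '
    '"GET /index.html HTTP/1.1" 404 209 "() { _; } <elided>" "curl/7.35.0"',
]

def find_probes(lines, cgi_prefix="/cgi-bin/"):
    """Return (client, path, field, hits_cgi) per request carrying the prefix.

    hits_cgi matters because CGI handlers copy request headers into
    environment variables (HTTP_USER_AGENT and so on), which is where a
    bash child process would parse them.
    """
    hits = []
    for line in lines:
        m = COMBINED.match(line.strip())
        if m is None:
            continue  # not combined format: skip instead of guessing
        client, request, referer, agent = m.groups()
        parts = request.split()
        path = parts[1] if len(parts) > 1 else ""
        for field, value in (("request", request), ("referer", referer), ("agent", agent)):
            if FUNC_PREFIX.search(value):
                hits.append((client, path, field, path.startswith(cgi_prefix)))
                break  # one hit per request is enough for triage
    return hits

if __name__ == "__main__":
    for hit in find_probes(SAMPLE_LOG):
        print(hit)
```

A hit only shows that a probe was sent; whether the target was affected depends on the bash version and on whether the handler at that path ever starts bash.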