

NerdytData patches Shellshock in a single crawl - wolfteets
http://blog.nerdydata.com/post/98906853956/nerdydata-patches-shellshock-in-a-single-crawl

======
namecast
Hmm. Is root privs escalation part of shellshock? If not, then I think this is
just going to try to yum update or apt-get update as the www-data user /
nobody user / apache user / you get the idea.

Anyone who's running their web server as a user with enough privileges to run
package installs unattended is probably in for a worse fate than an unexpected
bash update, I imagine...

~~~
skuhn
No, there is no local privilege escalation. So at best this can hit the four
machines in the world that run bash CGI scripts as root.

Also, their apt-get command is incorrect. _apt-get update_ updates the local
repo cache, _apt-get -yy install bash_ will upgrade the bash package. So now
they're down to two of the four machines, the ones that run RHEL.

All their exercise has done is to land their crawler IPs on some lists of IPs
attempting to exploit this vulnerability. I don't think that will help them
any with their business.

~~~
skuhn
Not to mention that their syntax is wrong and won't trigger the vulnerability
in the first place.

    
    
      env x='() {.:;.} ; echo yo'
      *line 0: syntax error near unexpected token `{.:'*
    

It should be:

    
    
      env x='() { :;} ; echo yo'
    

Better luck next time.

------
hartror
Sounds to me like an excellent way to get yourself sued or worse.

~~~
kolev
Or maybe get a truckload of "thank you" postcards..

