How Hong Kong Protesters Are Connecting, Without Cell Or Wi-Fi NetworksHow Hong Kong Protesters Are Connecting, Without Cell Or Wi-Fi Networks : All Tech Considered Pro-democracy protesters are downloading a fast-growing app called FireChat to stay in touch. It has been used around the world during political unrest.
shellshock 㨠sudo - hogehoge @teramako
CVE-2014-6271を発端ã¨ã™ã‚‹ bash ã®è„†å¼±æ€§ã€ã„ã‚ゆる ShellShock ã£ã¦å‘¼ã°ã‚Œã¦ã„る奴。環境変数ã«ä»•è¾¼ã‚“ã ä»»æ„ã®ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã§ãã¦ã—ã¾ã†ã£ã¦ã“ã¨ã‹ã‚‰ã€CGI ã¨ã®çµ„ã¿åˆã‚ã›ãŒå–り沙汰ã•ã‚Œã¦ã„る。 ãã®é ƒ sudo ã®è¨å®šã®å‹‰å¼·ã‚’ã—ã¦ã„ãŸã®ã§ã€ãµã¨æ°—ã«ãªã£ãŸã®ãŒã€sudoã®è¨å®šã§ç’°å¢ƒå¤‰æ•°ã‚’æŒã¡è¶Šã—ã¦ä½¿ç”¨ã™ã‚‹ã“ã¨ãŒã§ãã‚‹ env_keep ã®è¨å®šã€‚sudo 㧠root ã¨ã—ã¦bashを実行ã•ã›ã‚Œã°ã€ä»»æ„ã®ã‚³ãƒžãƒ³ãƒ‰ã‚’ç‰¹æ¨©æ˜‡æ ¼ã—ã¦å®Ÿè¡Œã§ãã¡ã‚ƒã†ã‚“ã˜ã‚ƒï¼Ÿ ã¨ã„ã†ã‚‚ã®ã€‚ 早速試ã—ã¦ã¿ãŸã€‚ 普通ã«å®Ÿè¡Œã—ãŸã‚‚ã® $ export ORACLE_SID='() { :;}; echo Vulnerability !!!' $ cat /usr/local/bin/testcmd #!/bin/bash -x id printenv ORACLE_SID $ /usr/local/
bash ã®è„†å¼±æ€§ "Shell Shock" ã®ã‚ã£ã¡ã‚ƒç´°ã‹ã„話 (CVE-2014-6271) - ã‚‚ã‚ãš blog
※(2014/10/1 追記) 脆弱性ã®ç•ªå·ã‚’誤ã£ã¦ CVE-2014-6721 ã¨è¡¨è¨˜ã—ã¦ã—ã¾ã£ã¦ã„ã¾ã—㟠æ£ã—ã㯠"CVE-2014-6271" ã§ã™ 失礼致ã—ã¾ã—㟠※(2014/10/7 追記) 2014/10/7 14:00時点㧠Shell Shock ã¸ã®ä¿®æ£ãƒ‘ッãƒã¯6個 公開ã•ã‚Œã¦ã„ã¾ã™ æ—¢ã«å¯¾å¿œæ¸ˆã¿ã®ã‚·ã‚¹ãƒ†ãƒ ã§ã‚‚パッãƒã®æ¼ã‚ŒãŒãªã„ã‹æ³¨æ„ã—ã¦ãã ã•ã„ シェルã«è„†å¼±æ€§ãŒè¦‹ã¤ã‹ã£ãŸã‚‰ã—ã„ã§ã™ ã“ã®ã‚³ãƒžãƒ³ãƒ‰ã‚’実行ã™ã‚‹ã¨è„†å¼±æ€§ãŒã‚ã‚‹ãƒãƒ¼ã‚¸ãƒ§ãƒ³ã‹ã®ãƒã‚§ãƒƒã‚¯ãŒã§ãるよã†ã§ã™ $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" 以下ã®ã‚ˆã†ã«è¡¨ç¤ºã•ã‚ŒãŸã‚‰ã‚¢ã‚¦ãƒˆã§ã™ vulnerable this is a test ã©ã†ã‚„らã€ã“ã®ã‚³ãƒžãƒ³ãƒ‰ãŒæ£å¸¸ã«å®Ÿè¡Œã§ãã‚‹ã¨ã„ã†ã®ãŒã“ã®è„†å¼±æ€§ã®æ£ä½“らã—ã〠echo vuln
リリースã€éšœå®³æƒ…å ±ãªã©ã®ã‚µãƒ¼ãƒ“スã®ãŠçŸ¥ã‚‰ã›
最新ã®äººæ°—エントリーã®é…ä¿¡
処ç†ã‚’実行ä¸ã§ã™
j次ã®ãƒ–ックマーク
kå‰ã®ãƒ–ックマーク
lã‚ã¨ã§èªã‚€
eコメント一覧を開ã
oページを開ã
{{#tags}}- {{label}}
{{/tags}}