<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Raúl, compañeros,<br>
<br>
Este es un boletín que nosotros hemos redactado,<br>
<br>
Saludos<br>
---<br>
<div class="moz-cite-prefix">El 25/09/14 a las 16:19, Raul Cabrera
escibió:<br>
</div>
<blockquote
cite="mid:62A65F62C5A4164BAFE82F2C532488CF01A3495C38@VMEXMBX2.sadaic.local"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<style>
<!--
@font-face
{font-family:Wingdings}
@font-face
{font-family:"Cambria Math"}
@font-face
{font-family:Calibri}
@font-face
{font-family:Tahoma}
@font-face
{font-family:Consolas}
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black}
h3
{margin-right:0cm;
margin-left:0cm;
font-size:13.5pt;
font-family:"Times New Roman","serif";
color:black;
font-weight:bold}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline}
p
{margin-right:0cm;
margin-left:0cm;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black}
pre
{margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";
color:black}
span.Ttulo3Car
{font-family:"Cambria","serif";
color:#4F81BD;
font-weight:bold}
span.HTMLconformatoprevioCar
{font-family:"Consolas","serif";
color:black}
span.EstiloCorreo21
{font-family:"Calibri","sans-serif";
color:#1F497D}
.MsoChpDefault
{font-size:10.0pt}
@page WordSection1
{margin:70.85pt 3.0cm 70.85pt 3.0cm}
div.WordSection1
{}
ol
{margin-bottom:0cm}
ul
{margin-bottom:0cm}
-->
</style>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black" lang="EN-US">Del Blog Schneier on Security:</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><b><span style="font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black" lang="EN-US">“Nasty Vulnerability found in
Bash” (</span></b><span style="font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:#1F497D" lang="EN-US">
</span><span style="font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:#1F497D"><a moz-do-not-send="true"
href="https://www.schneier.com/blog/archives/2014/09/nasty_vulnerabi.html"><span
lang="EN-US">https://www.schneier.com/blog/archives/2014/09/nasty_vulnerabi.html</span></a></span><span
style="font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:#1F497D">
</span><b><span style="font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black" lang="EN-US">)</span></b><span
style="font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:#1F497D" lang="EN-US"></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:#1F497D" lang="EN-US"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black" lang="EN-US">Saludos cordiales.</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black" lang="EN-US">RAUL EDUARDO CABRERA</span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black" lang="EN-US"> </span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;
font-family:"Calibri","sans-serif";
color:black" lang="EN-US"> </span></p>
<div>
<div style="border:none; border-top:solid #B5C4DF 1.0pt;
padding:3.0pt 0cm 0cm 0cm">
<p class="MsoNormal"><b><span style="font-size:10.0pt;
font-family:"Tahoma","sans-serif";
color:windowtext" lang="ES">De:</span></b><span
style="font-size:10.0pt;
font-family:"Tahoma","sans-serif";
color:windowtext" lang="ES"> Seguridad
[<a class="moz-txt-link-freetext" href="mailto:seguridad-bounces@lacnic.net">mailto:seguridad-bounces@lacnic.net</a>]
<b>En nombre de </b>Fernando Gont<br>
<b>Enviado el:</b> jueves, 25 de septiembre de 2014
04:51 p.m.<br>
<b>Para:</b> Lista para discusión de seguridad en redes
y sistemas informaticos de la región<br>
<b>Asunto:</b> [LACNIC/Seguridad] Fwd: TA14-268A: GNU
Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability
(CVE-2014-6271,CVE-2014-7169)</span></p>
</div>
</div>
<p class="MsoNormal"> </p>
<p class="MsoNormal">FYI</p>
<div>
<p class="MsoNormal"><br>
<br>
-------- Forwarded Message -------- </p>
<table class="MsoNormalTable" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<td style="padding:0cm 0cm 0cm 0cm" nowrap="nowrap"
valign="top">
<p class="MsoNormal" style="text-align:right"
align="right"><b>Subject: </b></p>
</td>
<td style="padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal">TA14-268A: GNU Bourne Again Shell
(Bash) ‘Shellshock’ Vulnerability
(CVE-2014-6271,CVE-2014-7169)</p>
</td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm 0cm" nowrap="nowrap"
valign="top">
<p class="MsoNormal" style="text-align:right"
align="right"><b>Date: </b></p>
</td>
<td style="padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal">Thu, 25 Sep 2014 14:10:57 -0500</p>
</td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm 0cm" nowrap="nowrap"
valign="top">
<p class="MsoNormal" style="text-align:right"
align="right"><b>From: </b></p>
</td>
<td style="padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal">US-CERT <a
moz-do-not-send="true"
href="mailto:US-CERT@ncas.us-cert.gov"><US-CERT@ncas.us-cert.gov></a></p>
</td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm 0cm" nowrap="nowrap"
valign="top">
<p class="MsoNormal" style="text-align:right"
align="right"><b>Reply-To: </b></p>
</td>
<td style="padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal"><a moz-do-not-send="true"
href="mailto:US-CERT@ncas.us-cert.gov">US-CERT@ncas.us-cert.gov</a></p>
</td>
</tr>
<tr>
<td style="padding:0cm 0cm 0cm 0cm" nowrap="nowrap"
valign="top">
<p class="MsoNormal" style="text-align:right"
align="right"><b>To: </b></p>
</td>
<td style="padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal"><a moz-do-not-send="true"
href="mailto:fernando@gont.com.ar">fernando@gont.com.ar</a></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal" style="margin-bottom:12.0pt"> </p>
<div align="center">
<table class="MsoNormalTable" style="width:525.0pt"
border="0" cellpadding="0" cellspacing="0" width="700">
<tbody>
<tr>
<td style="padding:0cm 0cm 0cm 0cm">
<p><img moz-do-not-send="true" id="_x0000_i1025"
src="https://public.govdelivery.com/system/images/37745/original/BANNER_NCCIC_USC_01.png"
alt="NCCIC / US-CERT" border="0" height="100"
width="700"></p>
<p>National Cyber Awareness System:</p>
<div style="margin-bottom:24.0pt">
<div style="margin-bottom:3.6pt">
<p class="MsoNormal"><b><span
style="font-size:14.5pt"><a
moz-do-not-send="true"
href="https://www.us-cert.gov/ncas/alerts/TA14-268A">TA14-268A:
GNU Bourne Again Shell (Bash)
‘Shellshock’ Vulnerability
(CVE-2014-6271,CVE-2014-7169)</a></span></b></p>
</div>
<div style="margin-bottom:3.6pt">
<p class="MsoNormal"><i><span
style="font-size:11.0pt; color:#666666">09/25/2014
12:56 PM EDT</span></i></p>
</div>
<p class="MsoNormal"> </p>
<div style="margin-bottom:3.6pt">
<p class="MsoNormal">Original release date:
September 25, 2014</p>
<h3>Systems Affected</h3>
<ul type="disc">
<li class="MsoNormal" style="">GNU Bash
through 4.3.</li>
<li class="MsoNormal" style="">Linux, BSD, and
UNIX distributions including but not limited
to:
</li>
</ul>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal" style=""><a
moz-do-not-send="true"
href="http://lists.centos.org/pipermail/centos/2014-September/146099.html">CentOS</a>
5 through 7</li>
<li class="MsoNormal" style=""><a
moz-do-not-send="true"
href="https://lists.debian.org/debian-security-announce/2014/msg00220.html">Debian</a></li>
<li class="MsoNormal" style="">Mac OS X</li>
<li class="MsoNormal" style="">Red Hat
Enterprise Linux 4 through 7</li>
<li class="MsoNormal" style=""><a
moz-do-not-send="true"
href="http://www.ubuntu.com/usn/usn-2362-1/">Ubuntu</a>
10.04 LTS, 12.04 LTS, and 14.04 LTS</li>
</ul>
</ul>
<h3>Overview</h3>
<p>A critical vulnerability has been reported in
the GNU Bourne Again Shell (Bash), the common
command-line shell used in most Linux/UNIX
operating systems and Apple’s Mac OS X. The
flaw could allow an attacker to remotely
execute shell commands by attaching malicious
code in environment variables used by the
operating system <a moz-do-not-send="true"
href="http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/">[1]</a>.
The United States Department of Homeland
Security (DHS) is releasing this Technical
Alert to provide further information about the
GNU Bash vulnerability.</p>
<h3>Description</h3>
<p>GNU Bash versions 1.14 through 4.3 contain a
flaw that processes commands placed after
function definitions in the added environment
variable, allowing remote attackers to execute
arbitrary code via a crafted environment which
enables network-based exploitation. [<a
moz-do-not-send="true"
href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271">2</a>,
<a moz-do-not-send="true"
href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169">
3</a>]</p>
<p>Critical instances where the vulnerability
may be exposed include: [<a
moz-do-not-send="true"
href="https://access.redhat.com/security/cve/CVE-2014-6271"><span
style="color:#0000EE">4</span></a>,
<a moz-do-not-send="true"
href="http://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/">5</a>]</p>
<ul type="disc">
<li class="MsoNormal" style="">Apache HTTP
Server using mod_cgi or mod_cgid scripts
either written in bash, or spawn subshells.</li>
<li class="MsoNormal" style="">Override or
Bypass ForceCommand feature in OpenSSH sshd
and limited protection for some Git and
Subversion deployments used to restrict
shells and allows arbitrary command
execution capabilities.</li>
<li class="MsoNormal" style="">Allow arbitrary
commands to run on a DHCP client machine,
various Daemons and SUID/privileged
programs.</li>
<li class="MsoNormal" style="">Exploit servers
and other Unix and Linux devices via Web
requests, secure shell, telnet sessions, or
other programs that use Bash to execute
scripts.</li>
</ul>
<h3>Impact</h3>
<p>This vulnerability is classified by industry
standards as “High” impact with CVSS Impact
Subscore 10 and “Low” on complexity, which
means it takes little skill to perform. This
flaw allows attackers to provide specially
crafted environment variables containing
arbitrary commands that can be executed on
vulnerable systems. It is especially dangerous
because of the prevalent use of the Bash shell
and its ability to be called by an application
in numerous ways.</p>
<h3>Solution</h3>
<p>Patches have been released to fix this
vulnerability by major Linux vendors for
affected versions. Solutions for CVE-2014-6271
do not completely resolve the vulnerability.
It is advised to install existing patches and
pay attention for updated patches to address
CVE-2014-7169.</p>
<p>Many UNIX-like operating systems, including
Linux distributions, BSD variants, and Apple
Mac OS X include Bash and are likely to be
affected. Contact your vendor for updated
information. A list of vendors can be found in
CERT Vulnerability Note
<a moz-do-not-send="true"
href="http://www.kb.cert.org/vuls/id/252743">VU#252743</a>
<a moz-do-not-send="true"
href="http://www.kb.cert.org/vuls/id/252743">
[6]</a>.</p>
<p>US-CERT recommends system administrators
review the vendor patches and the NIST
Vulnerability Summary for
<a moz-do-not-send="true"
href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169">CVE-2014-7169</a>,
to mitigate damage caused by the exploit.</p>
<h3>References</h3>
<ul type="disc">
<li class="MsoNormal" style=""><a
moz-do-not-send="true"
href="http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/">Ars
Technica, Bug in Bash shell creates big
security hole on anything with *nix in it;
</a></li>
<li class="MsoNormal" style=""><a
moz-do-not-send="true"
href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271">DHS
NCSD; Vulnerability Summary for
CVE-2014-6271</a></li>
<li class="MsoNormal" style=""><a
moz-do-not-send="true"
href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169">DHS
NCSD; Vulnerability Summary for
CVE-2014-7169</a></li>
<li class="MsoNormal" style=""><a
moz-do-not-send="true"
href="https://access.redhat.com/security/cve/CVE-2014-6271">Red
Hat, CVE-2014-6271
</a></li>
<li class="MsoNormal" style=""><a
moz-do-not-send="true"
href="https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/">Red
Hat, Bash specially-crafted environment
variables code injection attack</a></li>
<li class="MsoNormal" style=""><a
moz-do-not-send="true"
href="http://www.kb.cert.org/vuls/id/252743">CERT
Vulnerability Note VU#252743</a></li>
</ul>
<h3>Revision History</h3>
<ul type="disc">
<li class="MsoNormal" style="">September 25,
2014 - Initial Release</li>
</ul>
<div class="MsoNormal" style="text-align:center"
align="center">
<hr align="center" size="2" width="100%">
</div>
<p>This product is provided subject to this <a
moz-do-not-send="true"
href="http://www.us-cert.gov/privacy/notification">
Notification</a> and this <a
moz-do-not-send="true"
href="http://www.us-cert.gov/privacy/">Privacy
& Use</a> policy.</p>
</div>
</div>
<div id="mail_footer">
<div class="MsoNormal" style="text-align:center"
align="center">
<hr align="center" size="2" width="100%">
</div>
<table class="MsoNormalTable"
style="width:300.0pt" border="0" cellpadding="0"
cellspacing="0" width="400">
<tbody>
<tr style="height:18.0pt">
<td style="padding:0cm 0cm 0cm 0cm;
height:18.0pt" valign="bottom">
<p class="MsoNormal"><span
style="font-size:9.0pt;
font-family:"Arial","sans-serif";
color:#666666">OTHER RESOURCES:</span></p>
</td>
</tr>
<tr style="height:18.0pt">
<td style="padding:0cm 0cm 0cm 0cm;
height:18.0pt">
<p class="MsoNormal"><span
style="font-size:9.0pt;
font-family:"Arial","sans-serif";
color:#666666"><a
moz-do-not-send="true"
href="http://www.us-cert.gov/contact-us/"
target="_blank">Contact Us</a> |
<a moz-do-not-send="true"
href="http://www.us-cert.gov/security-publications"
target="_blank">Security
Publications</a> |
<a moz-do-not-send="true"
href="http://www.us-cert.gov/ncas"
target="_blank">Alerts and Tips</a>
| <a moz-do-not-send="true"
href="http://www.us-cert.gov/related-resources"
target="_blank">
Related Resources</a></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"> </p>
<table class="MsoNormalTable"
style="width:112.5pt" border="0" cellpadding="0"
cellspacing="0" width="150">
<tbody>
<tr style="height:18.0pt">
<td colspan="7" style="padding:0cm 0cm 0cm
0cm; height:18.0pt" valign="bottom">
<p class="MsoNormal"><span
style="font-size:9.0pt;
font-family:"Arial","sans-serif";
color:#666666">STAY CONNECTED:</span></p>
</td>
</tr>
<tr>
<td style="width:30.75pt; padding:0cm 0cm
0cm 0cm" width="41">
<p class="MsoNormal"><a
moz-do-not-send="true"
href="http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new"><span
style="text-decoration:none"><img
moz-do-not-send="true"
id="_x0000_i1028"
src="https://service.govdelivery.com/banners/GOVDELIVERY/SOCIAL_MEDIA/envelope.gif"
alt="Sign up for email updates"
border="0" height="25" width="25"></span></a></p>
</td>
<td style="padding:0cm 0cm 0cm 0cm"><br>
</td>
<td style="padding:0cm 0cm 0cm 0cm"><br>
</td>
<td style="padding:0cm 0cm 0cm 0cm"><br>
</td>
<td style="padding:0cm 0cm 0cm 0cm"><br>
</td>
<td style="padding:0cm 0cm 0cm 0cm"><br>
</td>
<td style="padding:0cm 0cm 0cm 0cm"><br>
</td>
</tr>
</tbody>
</table>
<p><span style="font-size:9.0pt;
font-family:"Arial","sans-serif";
color:#666666">SUBSCRIBER SERVICES:<br>
<a moz-do-not-send="true"
href="http://public.govdelivery.com/accounts/USDHSUSCERT/subscribers/new?preferences=true"
target="_blank">Manage Preferences</a> | <a
moz-do-not-send="true"
href="https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/one_click_unsubscribe?verification=5.3401fc02ac14ed36b08029852a939882&destination=fernando@gont.com.ar"
target="_blank">Unsubscribe</a> | <a
moz-do-not-send="true"
href="https://subscriberhelp.govdelivery.com/">Help</a></span></p>
</div>
<div id="tagline">
<div class="MsoNormal" style="text-align:center"
align="center">
<hr align="center" size="2" width="100%">
</div>
<table class="MsoNormalTable" style="width:100.0%"
border="0" cellpadding="0" cellspacing="0"
width="100%">
<tbody>
<tr>
<td style="width:89.0%; padding:0cm 0cm 0cm
0cm" width="89%">
<p class="MsoNormal"><span
style="font-size:7.5pt;
font-family:"Arial","sans-serif";
color:gray">This email was sent to
<a moz-do-not-send="true"
href="mailto:fernando@gont.com.ar">fernando@gont.com.ar</a>
using GovDelivery, on behalf of:
United States Computer Emergency
Readiness Team (US-CERT) · 245 Murray
Lane SW Bldg 410 · Washington, DC
20598 · (703) 235-5110</span></p>
</td>
<td style="width:11.0%; padding:0cm 0cm 0cm
0cm" width="11%">
<p class="MsoNormal"
style="text-align:right" align="right"><a
moz-do-not-send="true"
href="http://www.govdelivery.com/portals/powered-by"
target="_blank"><span
style="text-decoration:none"><img
moz-do-not-send="true"
id="_x0000_i1030"
src="https://service.govdelivery.com/banners/GOVDELIVERY/logo_gd_poweredby.gif"
alt="Powered by GovDelivery"
border="0" height="35" width="115"></span></a></p>
</td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
</tbody>
</table>
</div>
<p class="MsoNormal"><br>
<br>
</p>
<pre>-- </pre>
<pre>Fernando Gont</pre>
<pre>e-mail: <a moz-do-not-send="true" href="mailto:fernando@gont.com.ar">fernando@gont.com.ar</a> || <a moz-do-not-send="true" href="mailto:fgont@si6networks.com">fgont@si6networks.com</a></pre>
<pre>PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1</pre>
<pre> </pre>
<pre> </pre>
<pre> </pre>
<p class="MsoNormal"> </p>
</div>
<p class="MsoNormal"> </p>
</div>
<br>
<hr align="CENTER" size="3" width="630px">
<p style="text-align:left"><span style="font-family:Times;
font-size:12px; font-style:normal; font-weight:normal;
text-decoration:none; text-transform:none; color:000000;
background-color:ffffff">La información contenida en esta
comunicación se dirige exclusivamente para el uso de la
persona o entidad a quien va dirigida y otros autorizados para
recibirlo. Puede contener información confidencial o
legalmente protegida. Si usted no es el destinatario indicado,
queda notificado de que cualquier revelación, copia,
distribución o tomar cualquier acción basada en el contenido
de esta información está estrictamente prohibida y puede ser
ilegal. Si usted ha recibido esta comunicación por error, le
rogamos nos lo notifique inmediatamente respondiendo a este
correo y elimine de su sistema. SADAIC no es responsable de la
transmisión correcta y completa de la información contenida en
esta comunicación, ni por cualquier retraso en su recepción.<br>
<br>
The information contained in this communication is intended
solely for the use of the individual or entity to whom it is
addressed and others authorized to receive it. It may contain
confidential or legally privileged information. If you are not
the intended recipient you are hereby notified that any
disclosure, copying, distribution or taking any action in
reliance on the contents of this information is strictly
prohibited and may be unlawful. If you have received this
communication in error, please notify us immediately by
responding to this email and then delete it from your system.
SADAIC is neither liable for the proper and complete
transmission of the information contained in this
communication nor for any delay in its receipt.
</span></p>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Seguridad mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Seguridad@lacnic.net">Seguridad@lacnic.net</a>
<a class="moz-txt-link-freetext" href="https://mail.lacnic.net/mailman/listinfo/seguridad">https://mail.lacnic.net/mailman/listinfo/seguridad</a>
</pre>
</blockquote>
<br>
</body>
</html>