<div dir="ltr"><div>ciertamente, pero me imagino que, al no haber ninguna</div><div>variable o patron que pueda ser instanciado, no hace mucha</div><div>diferencia, yo usaria simples, en eso concuerdo.</div><div><br></div><div>en <a href="http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/">una de las referencias</a> usan las simples</div><div><br></div><div><pre style="overflow:auto;color:rgb(38,48,52);font-size:14px;line-height:20px">env x='() { :;}; echo vulnerable' bash -c "echo this is a test"</pre></div><div><br></div><div>saludos</div><div><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 26, 2014 at 5:33 AM, Jose Luis Gaspoz <span dir="ltr"><<a href="mailto:gaspozj@is.com.ar" target="_blank">gaspozj@is.com.ar</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div dir="ltr" bgcolor="#ffffff" text="#000000">
<div dir="ltr">
<div style="font-size:12pt;font-family:Calibri;color:rgb(0,0,0)">
<div>Hernán:</div>
<div> </div>
<div>¿no están mal el tipo de comillas en la primera parte del codigo del seteo
de la variable? .... deberian ser comillas simples y no dobles.</div>
<div> </div>
<div>Saludos</div>
<div> </div>
<div style="font-size:12pt;font-family:Calibri;color:rgb(0,0,0)">Ing. Jose
Luis Gaspoz<br>Internet Services S.A.<br>Tel: 0342-4565118<br>Cel:
342-5008523</div>
<div style="font-size:small;text-decoration:none;font-family:Calibri;font-weight:normal;color:rgb(0,0,0);font-style:normal;display:inline">
<div style="font-style:normal;font-variant:normal;font-weight:normal;font-size:10pt;line-height:normal;font-family:tahoma">
<div> </div>
<div style="background:rgb(245,245,245)">
<div><b>From:</b> <a title="hmereles@senatics.gov.py" href="mailto:hmereles@senatics.gov.py" target="_blank">Herman Mereles</a> </div>
<div><b>Sent:</b> Thursday, September 25, 2014 5:32 PM</div>
<div><b>To:</b> <a title="seguridad@lacnic.net" href="mailto:seguridad@lacnic.net" target="_blank">Lista para discusion de seguridad en redes y
sistemas informaticos de la region</a> </div>
<div><b>Subject:</b> Re: [LACNIC/Seguridad] Fwd: TA14-268A: GNU Bourne Again
Shell (Bash) ‘Shellshock’ Vulnerability
(CVE-2014-6271,CVE-2014-7169)</div></div></div>
<div> </div></div>
<div style="font-size:small;text-decoration:none;font-family:Calibri;font-weight:normal;color:rgb(0,0,0);font-style:normal;display:inline"><span class="">Raúl,
compañeros,<br><br>Este es un boletín que nosotros hemos
redactado,<br><br>Saludos<br>---<br>
<div>El 25/09/14 a las 16:19, Raul Cabrera
escibió:<br></div>
</span><blockquote type="cite">
<div><span class="">
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:black">Del
Blog Schneier on Security:</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:black"></span> </p>
<p class="MsoNormal"><b><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:black">“Nasty
Vulnerability found in Bash” (</span></b><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">
</span><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"><a href="https://www.schneier.com/blog/archives/2014/09/nasty_vulnerabi.html" target="_blank"><span lang="EN-US">https://www.schneier.com/blog/archives/2014/09/nasty_vulnerabi.html</span></a></span><span style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)">
</span><b><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:black">)</span></b><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"></span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:rgb(31,73,125)"></span> </p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:black">Saludos
cordiales.</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:black"></span> </p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:black"></span> </p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:black">RAUL
EDUARDO CABRERA</span></p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:black"></span> </p>
<p class="MsoNormal"><span lang="EN-US" style="font-size:11pt;font-family:Calibri,sans-serif;color:black"></span> </p>
<div>
<div style="border-top-color:rgb(181,196,223);border-width:1pt medium medium;border-style:solid none none;padding:3pt 0cm 0cm">
<p class="MsoNormal"><b><span lang="ES" style="font-size:10pt;font-family:Tahoma,sans-serif;color:windowtext">De:</span></b><span lang="ES" style="font-size:10pt;font-family:Tahoma,sans-serif;color:windowtext">
Seguridad [<a href="mailto:seguridad-bounces@lacnic.net" target="_blank">mailto:seguridad-bounces@lacnic.net</a>]
<b>En nombre de </b>Fernando Gont<br><b>Enviado el:</b> jueves, 25 de
septiembre de 2014 04:51 p.m.<br><b>Para:</b> Lista para discusión de
seguridad en redes y sistemas informaticos de la región<br><b>Asunto:</b>
[LACNIC/Seguridad] Fwd: TA14-268A: GNU Bourne Again Shell (Bash) ‘Shellshock’
Vulnerability (CVE-2014-6271,CVE-2014-7169)</span></p></div></div>
<p class="MsoNormal"> </p>
<p class="MsoNormal">FYI</p>
</span><div>
<p class="MsoNormal"><br><br>-------- Forwarded Message -------- </p>
<table style="color:rgb(0,0,0)" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
<td style="padding:0cm" valign="top" nowrap>
<p class="MsoNormal" style="text-align:right" align="right"><b>Subject:
</b></p></td>
<td style="padding:0cm">
<p class="MsoNormal">TA14-268A: GNU Bourne Again Shell (Bash) ‘Shellshock’
Vulnerability (CVE-2014-6271,CVE-2014-7169)</p></td></tr>
<tr>
<td style="padding:0cm" valign="top" nowrap>
<p class="MsoNormal" style="text-align:right" align="right"><b>Date:
</b></p></td>
<td style="padding:0cm">
<p class="MsoNormal">Thu, 25 Sep 2014 14:10:57 -0500</p></td></tr>
<tr>
<td style="padding:0cm" valign="top" nowrap>
<p class="MsoNormal" style="text-align:right" align="right"><b>From:
</b></p></td>
<td style="padding:0cm">
<p class="MsoNormal">US-CERT <a href="mailto:US-CERT@ncas.us-cert.gov" target="_blank">mailto:US-CERT@ncas.us-cert.gov</a></p></td></tr>
<tr>
<td style="padding:0cm" valign="top" nowrap>
<p class="MsoNormal" style="text-align:right" align="right"><b>Reply-To:
</b></p></td>
<td style="padding:0cm">
<p class="MsoNormal"><a href="mailto:US-CERT@ncas.us-cert.gov" target="_blank">US-CERT@ncas.us-cert.gov</a></p></td></tr>
<tr>
<td style="padding:0cm" valign="top" nowrap>
<p class="MsoNormal" style="text-align:right" align="right"><b>To:
</b></p></td>
<td style="padding:0cm">
<p class="MsoNormal"><a href="mailto:fernando@gont.com.ar" target="_blank">fernando@gont.com.ar</a></p></td></tr></tbody></table><div><div class="h5">
<p class="MsoNormal" style="margin-bottom:12pt"> </p>
<div align="center">
<table style="width:525pt;color:rgb(0,0,0)" cellspacing="0" cellpadding="0" width="700" border="0">
<tbody>
<tr>
<td style="padding:0cm">
<p><img border="0" alt="NCCIC / US-CERT" width="700" height="100"></p>
<p>National Cyber Awareness System:</p>
<div style="margin-bottom:24pt">
<div style="margin-bottom:3.6pt">
<p class="MsoNormal"><b><span style="font-size:14.5pt"><a href="https://www.us-cert.gov/ncas/alerts/TA14-268A" target="_blank">TA14-268A: GNU Bourne Again Shell (Bash)
‘Shellshock’ Vulnerability
(CVE-2014-6271,CVE-2014-7169)</a></span></b></p></div>
<div style="margin-bottom:3.6pt">
<p class="MsoNormal"><i><span style="font-size:11pt;color:rgb(102,102,102)">09/25/2014 12:56 PM
EDT</span></i></p></div>
<p class="MsoNormal"> </p>
<div style="margin-bottom:3.6pt">
<p class="MsoNormal">Original release date: September 25, 2014</p>
<h3>Systems Affected</h3>
<ul type="disc">
<li class="MsoNormal">GNU Bash through 4.3.
</li><li class="MsoNormal">Linux, BSD, and UNIX distributions including but
not limited to: </li></ul>
<ul type="disc">
<ul type="circle">
<li class="MsoNormal"><a href="http://lists.centos.org/pipermail/centos/2014-September/146099.html" target="_blank">CentOS</a> 5 through 7
</li><li class="MsoNormal"><a href="https://lists.debian.org/debian-security-announce/2014/msg00220.html" target="_blank">Debian</a>
</li><li class="MsoNormal">Mac OS X
</li><li class="MsoNormal">Red Hat Enterprise Linux 4 through 7
</li><li class="MsoNormal"><a href="http://www.ubuntu.com/usn/usn-2362-1/" target="_blank">Ubuntu</a> 10.04 LTS, 12.04 LTS, and 14.04
LTS </li></ul></ul>
<h3>Overview</h3>
<p>A critical vulnerability has been reported in the GNU Bourne Again
Shell (Bash), the common command-line shell used in most Linux/UNIX
operating systems and Apple’s Mac OS X. The flaw could allow an attacker
to remotely execute shell commands by attaching malicious code in
environment variables used by the operating system <a href="http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/" target="_blank">[1]</a>. The United States Department of Homeland
Security (DHS) is releasing this Technical Alert to provide further
information about the GNU Bash vulnerability.</p>
<h3>Description</h3>
<p>GNU Bash versions 1.14 through 4.3 contain a flaw that processes
commands placed after function definitions in the added environment
variable, allowing remote attackers to execute arbitrary code via a
crafted environment which enables network-based exploitation. [<a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271" target="_blank">2</a>, <a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169" target="_blank">3</a>]</p>
<p>Critical instances where the vulnerability may be exposed include:
[<a href="https://access.redhat.com/security/cve/CVE-2014-6271" target="_blank"><span style="color:rgb(0,0,238)">4</span></a>, <a href="http://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/" target="_blank">5</a>]</p>
<ul type="disc">
<li class="MsoNormal">Apache HTTP Server using mod_cgi or mod_cgid
scripts either written in bash, or spawn subshells.
</li><li class="MsoNormal">Override or Bypass ForceCommand feature in OpenSSH
sshd and limited protection for some Git and Subversion deployments
used to restrict shells and allows arbitrary command execution
capabilities.
</li><li class="MsoNormal">Allow arbitrary commands to run on a DHCP client
machine, various Daemons and SUID/privileged programs.
</li><li class="MsoNormal">Exploit servers and other Unix and Linux devices
via Web requests, secure shell, telnet sessions, or other programs
that use Bash to execute scripts. </li></ul>
<h3>Impact</h3>
<p>This vulnerability is classified by industry standards as “High”
impact with CVSS Impact Subscore 10 and “Low” on complexity, which means
it takes little skill to perform. This flaw allows attackers to provide
specially crafted environment variables containing arbitrary commands
that can be executed on vulnerable systems. It is especially dangerous
because of the prevalent use of the Bash shell and its ability to be
called by an application in numerous ways.</p>
<h3>Solution</h3>
<p>Patches have been released to fix this vulnerability by major Linux
vendors for affected versions. Solutions for CVE-2014-6271 do not
completely resolve the vulnerability. It is advised to install existing
patches and pay attention for updated patches to address
CVE-2014-7169.</p>
<p>Many UNIX-like operating systems, including Linux distributions, BSD
variants, and Apple Mac OS X include Bash and are likely to be affected.
Contact your vendor for updated information. A list of vendors can be
found in CERT Vulnerability Note <a href="http://www.kb.cert.org/vuls/id/252743" target="_blank">VU#252743</a> <a href="http://www.kb.cert.org/vuls/id/252743" target="_blank">[6]</a>.</p>
<p>US-CERT recommends system administrators review the vendor patches
and the NIST Vulnerability Summary for <a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169" target="_blank">CVE-2014-7169</a>, to mitigate damage caused by
the exploit.</p>
<h3>References</h3>
<ul type="disc">
<li class="MsoNormal"><a href="http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/" target="_blank">Ars Technica, Bug in Bash shell creates big
security hole on anything with *nix in it; </a>
</li><li class="MsoNormal"><a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271" target="_blank">DHS NCSD; Vulnerability Summary for
CVE-2014-6271</a>
</li><li class="MsoNormal"><a href="http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169" target="_blank">DHS NCSD; Vulnerability Summary for
CVE-2014-7169</a>
</li><li class="MsoNormal"><a href="https://access.redhat.com/security/cve/CVE-2014-6271" target="_blank">Red Hat, CVE-2014-6271 </a>
</li><li class="MsoNormal"><a href="https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/" target="_blank">Red Hat, Bash specially-crafted environment
variables code injection attack</a>
</li><li class="MsoNormal"><a href="http://www.kb.cert.org/vuls/id/252743" target="_blank">CERT Vulnerability Note VU#252743</a> </li></ul>
<h3>Revision History</h3>
<ul type="disc">
<li class="MsoNormal">September 25, 2014 - Initial Release </li></ul>
<div class="MsoNormal" style="text-align:center" align="center">
<hr align="center" size="2" width="100%">
</div>
<p>This product is provided subject to this <a href="http://www.us-cert.gov/privacy/notification" target="_blank">Notification</a> and this <a href="http://www.us-cert.gov/privacy/" target="_blank">Privacy
& Use</a> policy.</p></div></div>
<div>
<div class="MsoNormal" style="text-align:center" align="center">
<hr align="center" size="2" width="100%">
</div>
<table style="width:300pt;color:rgb(0,0,0)" cellspacing="0" cellpadding="0" width="400" border="0">
<tbody>
<tr style="height:18pt">
<td style="height:18pt;padding:0cm" valign="bottom">
<p class="MsoNormal"><span style="font-size:9pt;font-family:Arial,sans-serif;color:rgb(102,102,102)">OTHER
RESOURCES:</span></p></td></tr>
<tr style="height:18pt">
<td style="height:18pt;padding:0cm">
<p class="MsoNormal"><span style="font-size:9pt;font-family:Arial,sans-serif;color:rgb(102,102,102)"><a href="http://www.us-cert.gov/contact-us/" target="_blank">Contact Us</a> | <a href="http://www.us-cert.gov/security-publications" target="_blank">Security Publications</a> | <a href="http://www.us-cert.gov/ncas" target="_blank">Alerts and Tips</a> | <a href="http://www.us-cert.gov/related-resources" target="_blank">Related
Resources</a></span></p></td></tr></tbody></table>
<p class="MsoNormal"> </p>
<table style="width:112.5pt;color:rgb(0,0,0)" cellspacing="0" cellpadding="0" width="150" border="0">
<tbody>
<tr style="height:18pt">
<td style="height:18pt;padding:0cm" valign="bottom" colspan="7">
<p class="MsoNormal"><span style="font-size:9pt;font-family:Arial,sans-serif;color:rgb(102,102,102)">STAY
CONNECTED:</span></p></td></tr>
<tr>
<td style="width:30.75pt;padding:0cm" width="41">
<p class="MsoNormal"><a href="http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new" target="_blank"><span style="text-decoration:none"><img border="0" alt="Sign up for email updates" width="25" height="25"></span></a></p></td>
<td style="padding:0cm"><br></td>
<td style="padding:0cm"><br></td>
<td style="padding:0cm"><br></td>
<td style="padding:0cm"><br></td>
<td style="padding:0cm"><br></td>
<td style="padding:0cm"><br></td></tr></tbody></table>
<p><span style="font-size:9pt;font-family:Arial,sans-serif;color:rgb(102,102,102)">SUBSCRIBER
SERVICES:<br><a href="http://public.govdelivery.com/accounts/USDHSUSCERT/subscribers/new?preferences=true" target="_blank">Manage Preferences</a>
| <a href="https://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/one_click_unsubscribe?verification=5.3401fc02ac14ed36b08029852a939882&destination=fernando@gont.com.ar" target="_blank">Unsubscribe</a> | <a href="https://subscriberhelp.govdelivery.com/" target="_blank">Help</a></span></p></div>
<div>
<div class="MsoNormal" style="text-align:center" align="center">
<hr align="center" size="2" width="100%">
</div>
<table style="width:100%;color:rgb(0,0,0)" cellspacing="0" cellpadding="0" width="100%" border="0">
<tbody>
<tr>
<td style="width:89%;padding:0cm" width="89%">
<p class="MsoNormal"><span style="font-size:7.5pt;font-family:Arial,sans-serif;color:gray">This
email was sent to <a href="mailto:fernando@gont.com.ar" target="_blank">fernando@gont.com.ar</a> using GovDelivery,
on behalf of: United States Computer Emergency Readiness Team
(US-CERT) · 245 Murray Lane SW Bldg 410 · Washington, DC 20598 ·
<a href="tel:%28703%29%20235-5110" value="+17032355110" target="_blank">(703) 235-5110</a></span></p></td>
<td style="width:11%;padding:0cm" width="11%">
<p class="MsoNormal" style="text-align:right" align="right"><a href="http://www.govdelivery.com/portals/powered-by" target="_blank"><span style="text-decoration:none"><img border="0" alt="Powered by GovDelivery" width="115" height="35"></span></a></p></td></tr></tbody></table></div></td></tr></tbody></table></div>
<p class="MsoNormal"><br><br></p><pre>-- </pre><pre>Fernando Gont</pre><pre>e-mail: <a href="mailto:fernando@gont.com.ar" target="_blank">fernando@gont.com.ar</a> || <a href="mailto:fgont@si6networks.com" target="_blank">fgont@si6networks.com</a></pre><pre>PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1</pre><pre> </pre><pre> </pre><pre> </pre>
<p class="MsoNormal"> </p></div></div></div>
<p class="MsoNormal"> </p></div><div><div class="h5"><br>
<hr align="center" size="3" width="630">
<p style="text-align:left"><span style="font-size:12px;text-decoration:none;font-family:times;text-transform:none;font-weight:normal;color:rgb(0,0,0);font-style:normal;background-color:rgb(255,255,255)">La
información contenida en esta comunicación se dirige exclusivamente para el
uso de la persona o entidad a quien va dirigida y otros autorizados para
recibirlo. Puede contener información confidencial o legalmente protegida. Si
usted no es el destinatario indicado, queda notificado de que cualquier
revelación, copia, distribución o tomar cualquier acción basada en el
contenido de esta información está estrictamente prohibida y puede ser ilegal.
Si usted ha recibido esta comunicación por error, le rogamos nos lo notifique
inmediatamente respondiendo a este correo y elimine de su sistema. SADAIC no
es responsable de la transmisión correcta y completa de la información
contenida en esta comunicación, ni por cualquier retraso en su
recepción.<br><br>The information contained in this communication is intended
solely for the use of the individual or entity to whom it is addressed and
others authorized to receive it. It may contain confidential or legally
privileged information. If you are not the intended recipient you are hereby
notified that any disclosure, copying, distribution or taking any action in
reliance on the contents of this information is strictly prohibited and may be
unlawful. If you have received this communication in error, please notify us
immediately by responding to this email and then delete it from your system.
SADAIC is neither liable for the proper and complete transmission of the
information contained in this communication nor for any delay in its receipt.
</span></p><br>
<fieldset></fieldset> <br><pre>_______________________________________________
Seguridad mailing list
<a href="mailto:Seguridad@lacnic.net" target="_blank">Seguridad@lacnic.net</a>
<a href="https://mail.lacnic.net/mailman/listinfo/seguridad" target="_blank">https://mail.lacnic.net/mailman/listinfo/seguridad</a>
</pre></div></div></blockquote><br>
<p>
</p><hr><span class="">
_______________________________________________<br>Seguridad mailing
list<br><a href="mailto:Seguridad@lacnic.net" target="_blank">Seguridad@lacnic.net</a><br><a href="https://mail.lacnic.net/mailman/listinfo/seguridad" target="_blank">https://mail.lacnic.net/mailman/listinfo/seguridad</a><br></span><p></p></div></div></div></div>
<br>_______________________________________________<br>
Seguridad mailing list<br>
<a href="mailto:Seguridad@lacnic.net">Seguridad@lacnic.net</a><br>
<a href="https://mail.lacnic.net/mailman/listinfo/seguridad" target="_blank">https://mail.lacnic.net/mailman/listinfo/seguridad</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">-----------------------------------------------------------------------------------------------------------------</div></div></div></div></div><span>Campaña contra el correo SPAM</span><br><span>- Solo envia el contenido importante</span><br><span>- Protege y respeta la privacidad de tus amigos. </span><br><span>- Si reenvias este correo, borra las direcciones anteriores </span><br><span>- Si lo reenvias a varias personas usa la casilla CCO .</span><br><span>- Si todos hacemos lo mismo, tambien tu estaras protegid@.</span><div><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr">-----------------------------------------------------------------------------------------------------------------</div></div></div></div></div><div>- Send only the important text </div><div><span>- Protect and respect your friends' privacy</span><br></div><div><span>- </span><span>Delete previous addresses from message body</span></div><div><span>- </span><span>Use the BCC field when sending to several recipients</span></div><div><span>- If we all follow these guidelines, we'll all be protected.</span></div>
</div></div>