We may use the below scanner to identify this vulnerability. One of our ex-colleague has written it, its a remote, network scanner and available as free download.
http://blog.crowdstrike.com/crowdstrike-shellshock-scanner/ Seems configurable with custom paths. Please check the note at the end. Regards, Santhosh ________________________________________ From: Demetrius Tsitrelis [demetrius.tsitre...@citrix.com] Sent: Wednesday, October 01, 2014 1:59 PM To: <dev@cloudstack.apache.org> Subject: RE: Shellshock Actually, I am not sure. Only the env.cgi script is loaded and, while the other scripts are in perl, there is nothing in the video which shows the source for the env.cgi script so it may not be perl. -----Original Message----- From: Demetrius Tsitrelis [mailto:demetrius.tsitre...@citrix.com] Sent: Wednesday, October 01, 2014 10:52 AM To: <dev@cloudstack.apache.org> Subject: RE: Shellshock Interestingly this video shows attack against a perl script... https://www.youtube.com/watch?v=ArEOVHQu9nk -----Original Message----- From: Demetrius Tsitrelis [mailto:demetrius.tsitre...@citrix.com] Sent: Monday, September 29, 2014 6:13 PM To: <dev@cloudstack.apache.org> Subject: RE: Shellshock http://systemvm-public-ip/cgi-bin/ipcalc is a perl script. -----Original Message----- From: Sheng Yang [mailto:sh...@yasker.org] Sent: Monday, September 29, 2014 5:21 PM To: <dev@cloudstack.apache.org> Subject: Re: Shellshock http://systemvm-public-ip/cgi-bin/ipcalc is NOT a bash script, so it's normal that it cannot be exploited. --Sheng On Fri, Sep 26, 2014 at 1:57 PM, Demetrius Tsitrelis < demetrius.tsitre...@citrix.com> wrote: > Do you mean you tried setting the USER_AGENT like in > https://community.qualys.com/blogs/securitylabs/2014/09/25/qualysguard > -remote-detection-for-bash-shellshock > ? > > > -----Original Message----- > From: Ian Duffy [mailto:i...@ianduffy.ie] > Sent: Friday, September 26, 2014 6:56 AM > To: CloudStack Dev > Subject: Re: Shellshock > > Tried this against the latest system vms built on Jenkins. > > Didn't get a successful exploited response. Tested against > http://systemvm > - public-ip/cgi-bin/ipcalc > On 25 Sep 2014 16:56, "Abhinandan Prateek" <agneya2...@gmail.com> wrote: > > > > > After heart bleed we are Shell shocked > > http://www.bbc.com/news/technology-29361794 ! > > It may not affect cloudstack directly as it is a vulnerability that > > affects bash, and allows the attacker to take control of the system > > running bash shell. > > > > -abhi >
