[Bro] CVE-2014-6271/ detection script

Gary Faulkner gfaulkner.nsm at gmail.com
Wed Sep 24 20:18:31 PDT 2014


Critical Stack has a version as well: 
https://github.com/CriticalStack/bro-scripts/tree/cve-2014-6271/bash-cve-2014-6271

On 9/24/2014 9:53 PM, Scott Campbell wrote:
> I just posted a quick policy file which should look at header fields
> and examine the data section for the telltale formatting of a bash
> function.
>
> I have *not* tested this extensively, so please test before deploying.
> Happy to update with better regex etc...
>
> https://github.com/set-element/misc-scripts/blob/master/header-test.bro
>
> cheers,
> scott
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
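
The approach described in the quoted message (check request header values and body data for the start of a bash function definition), sketched in Bro as an added example. It is not Scott Campbell's header-test.bro or the Critical Stack script; the module name, notice name and pattern are assumptions.

```bro
@load base/frameworks/notice
@load base/protocols/http

module BashFuncExample;

export {
	redef enum Notice::Type += {
		## A client-sent HTTP header or body contains text shaped like
		## the start of a bash function definition.
		Bash_Function_Definition_Seen
	};

	## Assumed signature: "()" followed by optional blanks and "{".
	## Redefine it if your traffic needs a tighter or looser match.
	const func_def = /\(\)[ \t]*\{/ &redef;
}

# Hypothetical helper: raise one notice per connection and location.
function raise_notice(c: connection, where: string, sample: string)
	{
	NOTICE([$note=Bash_Function_Definition_Seen,
	        $conn=c,
	        $msg=fmt("bash function definition in HTTP %s", where),
	        # Keep only the first 120 bytes of the matching value.
	        $sub=sub_bytes(sample, 1, 120),
	        $identifier=cat(c$id$orig_h, c$id$resp_h, where)]);
	}

# Header fields: only values sent by the client are of interest.
event http_header(c: connection, is_orig: bool, name: string, value: string)
	{
	if ( is_orig && func_def in value )
		raise_notice(c, fmt("header %s", name), value);
	}

# Data section: the same pattern applied to each chunk of request body.
# A match that straddles two chunks is missed by this simple version.
event http_entity_data(c: connection, is_orig: bool, length: count, data: string)
	{
	if ( is_orig && func_def in data )
		raise_notice(c, "request body", data);
	}
```

The body check will also match ordinary JavaScript such as `function () {` in uploaded content, so expect to tune or drop it after testing against your own traffic.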



