CTO, Convergent Information Security Solutions, LLC
https://www.convergesecurity.com
Sophos Platinum Partner
--------------------------------------
Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
Please send me Spam gueselkuebel@sg-utm.also-solutions.ch
Can anybody provide the rest of the article?
In the light of the recent Bash vulnerability, Sophos has reviewed all of our products to understand if any are at risk from the vulnerability. We can confirm that none – including Sophos Email Appliance, Sophos Web Appliance, PureMessage for Exchange and SAV for Linux – are vulnerable.
The main user-facing components of Sophos UTM, including the WebAdmin interface and the User Portal, do not use Bash to run commands in a way that would allow this vulnerability to be triggered by data supplied by an attacker from outside. Internal components in the UTM do use Bash, but only to run commands determined by Sophos, not based on data supplied by an outsider.
As a matter of good security practice, we will be updating Bash as soon as a stable and effective patch is available from the Bash maintainers.
In the meantime, we are confident that this security hole can’t be reached and exploited from outside the UTM.
utm:/root # grep -i cgi `find /var/sec/chroot-httpd/ -name '*.conf' 2> /dev/null`
/var/sec/chroot-httpd/etc/httpd/vhost/httpd-webadmin.conf: Options Followsymlinks ExecCGI
/var/sec/chroot-httpd/etc/httpd/vhost/httpd-webadmin.conf: AddHandler fcgid-script .plx
/var/sec/chroot-httpd/etc/httpd/httpd.conf:DirectoryIndex index.plx redirect.cgi
/var/sec/chroot-httpd/etc/httpd/httpd.conf:# mod_fcgid
/var/sec/chroot-httpd/etc/httpd/httpd.conf:LoadModule fcgid_module /usr/libexec/apache2/mod_fcgid.so
/var/sec/chroot-httpd/etc/httpd/httpd.conf:FcgidMaxProcesses 10
/var/sec/chroot-httpd/etc/httpd/httpd.conf:FcgidMaxRequestLen 536870912
/var/sec/chroot-httpd/etc/httpd/httpd.conf:FcgidBusyTimeout 60
/var/sec/chroot-httpd/etc/httpd/httpd.conf:FcgidErrorScanInterval 60
/var/sec/chroot-httpd/etc/httpd/httpd.conf:FcgidConnectTimeout 60
/var/sec/chroot-httpd/etc/httpd/httpd.conf:FcgidIOTimeout 60
/var/sec/chroot-httpd/etc/httpd/httpd.conf:FcgidSpawnScoreUpLimit 100
/var/sec/chroot-httpd/etc/httpd/httpd.conf:FcgidMaxProcessesPerClass 100
/var/sec/chroot-httpd/etc/httpd/httpd.conf:FcgidSpawnScore 0
/var/sec/chroot-httpd/etc/httpd/httpd.conf:FcgidTerminationScore 0
/var/sec/chroot-httpd/etc/httpd/httpd.conf:FcgidIPCDir /tmp/sock
/var/sec/chroot-httpd/etc/httpd/httpd.conf:FcgidProcessTableFile /tmp/fcgid_shm
/var/sec/chroot-httpd/etc/httpd/httpd.conf:AddHandler cgi-script .pl .cgi .plc
utm:/root # ps aufxe | grep -E "^wwwrun" | head -1 | sed -r "s/ /\n/g" | grep -E "^SHELL="
SHELL=/bin/sh
utm:/root # ls -l /var/sec/chroot-httpd/bin/*sh*
-rwxr-xr-x 1 root root 554984 Sep 9 16:12 /var/sec/chroot-httpd/bin/bash
lrwxrwxrwx 1 root root 4 Sep 9 16:12 /var/sec/chroot-httpd/bin/sh -> bash
loginuser@utm:/home/login > export VAR1='() { ignored; }; /usr/bin/id'
loginuser@utm:/home/login > bash
uid=100(loginuser) gid=100(users) groups=100(users)
loginuser@utm:/home/login >
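The three checks from the session above (CGI handlers in the httpd configs, bin/sh resolving to bash, and the environment-function import test) as a small audit script. This is an added example, not code from the thread or from Sophos; the chroot path /var/sec/chroot-httpd is taken from the grep output above and is an assumption for any other appliance, and the test uses a harmless echo marker in place of /usr/bin/id.

```shell
#!/bin/sh
# Added example (not from the thread or from Sophos): the three checks from
# the terminal session, as functions. The chroot path is an assumption.

# 1. Does an httpd config enable CGI execution (ExecCGI, or a cgi-script /
#    fcgid-script handler)? Exit 0 if yes, 1 if not.
cgi_enabled_in_conf() {
    grep -Eiq 'ExecCGI|AddHandler[[:space:]]+(cgi-script|fcgid-script)' "$1"
}

# 2. Does <root>/bin/sh resolve to bash, so a CGI started with SHELL=/bin/sh
#    still gets bash? Exit 0 if the symlink points at bash.
sh_is_bash() {
    target=$(readlink "$1/bin/sh" 2>/dev/null) || return 1
    [ "$(basename "$target")" = "bash" ]
}

# 3. Does this bash import functions from the environment (CVE-2014-6271)?
#    Same test as the session above, with a harmless marker instead of
#    /usr/bin/id. Exit 0 = vulnerable, 1 = patched, 2 = binary not runnable.
bash_env_import_vulnerable() {
    [ -x "$1" ] || return 2
    out=$(env probe='() { :;}; echo SHELLSHOCK_MARKER' "$1" -c 'true' 2>&1)
    case $out in
        *SHELLSHOCK_MARKER*) return 0 ;;
        *) return 1 ;;
    esac
}

# Report for an Apache chroot, e.g. /var/sec/chroot-httpd on the UTM.
audit_chroot() {
    root=$1
    for conf in $(find "$root" -name '*.conf' 2>/dev/null); do
        cgi_enabled_in_conf "$conf" && echo "CGI enabled in: $conf"
    done
    sh_is_bash "$root" && echo "$root/bin/sh -> bash"
    rc=0
    bash_env_import_vulnerable "$root/bin/bash" || rc=$?
    case $rc in
        0) echo "$root/bin/bash: VULNERABLE (imports env functions)" ;;
        1) echo "$root/bin/bash: patched" ;;
        *) echo "$root/bin/bash: missing or not executable" ;;
    esac
}

# Usage on the appliance: audit_chroot /var/sec/chroot-httpd
```

Run it as root inside the appliance; a "patched" result only covers the bash binary tested, not the chroot's copy unless you point it at that one.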