Xen Security Advisory - XSA 108 - http://xenbits.xen.org/xsa/advisory-108.html
Xen has issued an advisory and a related patch to address an issue that allows a "buggy or malicious HVM guest to crash the host or read data relating to other guests or the hypervisor itself."
Xen 4.1 and onward are vulnerable, only x86 systems are vulnerable. ARM systems are not vulnerable.
Applying the patch resolves this issue.
Security Onion news: Updated ShellShock detection scripts for Bro
Per Security Onion's Doug Burks, Seth Hall has developed some comprehensive ShellShock detection scripts for Bro.
These scripts "detect successful exploitation of the Bash vulnerability with CVE-2014-6271 nicknamed "ShellShock" and are more comprehensive than most detections in that they're watching for behavior from the attacked host that might indicate successful compromise or actual vulnerability."
Seth has updated these scripts again today to "Add shellscripts as a post-exploit detection mechanism."
Doug has updated the securityonion-bro-scripts package to include these changes and has also updated the securityonion-web-page package to include some ELSA queries for "ShellShock Exploits" and "ShellShock Scanners".
This is great for current Security Onion users, and even better for readers who have not yet investigated and invested in Security Onion. Now's the time to become familiar and improve your situational awareness, particularly given the fact that it's National Cyber Security Awareness Month. :-)
Everything you need is available on Doug's blog: http://blog.securityonion.net/2014/10/new-securityonion-bro-scripts-and.html
Comments