Welcome!
Important information
-- Spectre and Meltdown vulnerabilities
-- Change in MX sources

News
-- MX Linux on social media: here
-- Mepis support still here

Current releases
-- MX-17.1 Final release info here
-- antiX-17 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

AERIS/CIA on Debian?

Post Reply
Message
Author
mihail_bc
Forum Novice
Forum  Novice
Posts: 69
Joined: Sun May 21, 2017 4:24 pm

AERIS/CIA on Debian?

#1 Post by mihail_bc » Sat Jul 29, 2017 11:02 am


User avatar
Mauser
Forum Regular
Forum Regular
Posts: 707
Joined: Mon Jun 27, 2016 7:32 pm

Re: AERIS/CIA on Debian?

#2 Post by Mauser » Sat Jul 29, 2017 3:51 pm

It says Debian 7. MX-16.1 is based off of Debian 8. There is no date on that post, so who knows.

User avatar
timkb4cq
Forum Veteran
Forum Veteran
Posts: 4416
Joined: Wed Jul 12, 2006 4:05 pm

Re: AERIS/CIA on Debian?

#3 Post by timkb4cq » Sat Jul 29, 2017 4:47 pm

And it looks as though you had to have shell access to the debian system first in order to install Aeris. So rather than an exploit, it's a tool to use after the initial hack.
MSI 970A-G43 MB, AMD FX-6300 (six core), 16GB RAM, GeForce 730, Samsung 850 EVO 250GB SSD, Seagate Barracuda XT 3TB

User avatar
PhantomTramp
Forum Regular
Forum Regular
Posts: 291
Joined: Tue Jul 10, 2007 12:53 pm

Re: AERIS/CIA on Debian?

#4 Post by PhantomTramp » Sat Jul 29, 2017 5:15 pm

https://en.wikipedia.org/wiki/Shellshock_(software_bug)

Would this give shell access back then?

The Tramp

User avatar
timkb4cq
Forum Veteran
Forum Veteran
Posts: 4416
Joined: Wed Jul 12, 2006 4:05 pm

Re: AERIS/CIA on Debian?

#5 Post by timkb4cq » Sat Jul 29, 2017 6:01 pm

If you were running CGI scripts on your webserver that didn't carefully check passed parameters then yes, it could have.
That's why I don't have any CGI scripts that take any parameters on mxrepo.com. Since it really only serves static files I can get away with that.
And of course that bug was patched right away.
MSI 970A-G43 MB, AMD FX-6300 (six core), 16GB RAM, GeForce 730, Samsung 850 EVO 250GB SSD, Seagate Barracuda XT 3TB

mihail_bc
Forum Novice
Forum  Novice
Posts: 69
Joined: Sun May 21, 2017 4:24 pm

Re: AERIS/CIA on Debian?

#6 Post by mihail_bc » Sun Jul 30, 2017 12:08 pm

ok, so another question would be... how did it get into Debian 7? Did is shipped with the official distro? Who's to say it is missing in newer versions? Hhos to blame for this? Its more than a philosophy than a threat...

User avatar
timkb4cq
Forum Veteran
Forum Veteran
Posts: 4416
Joined: Wed Jul 12, 2006 4:05 pm

Re: AERIS/CIA on Debian?

#7 Post by timkb4cq » Sun Jul 30, 2017 9:56 pm

Shellshock (aka bashdoor) was a bug in the bash shell that was apparently introduced at least 2 years before the first Linux kernel, but wasn't noticed by Unix or Linux developers for 25 years. Bash was patched for it as soon as it was noticed in 2014, and bash, as a critical part of most distros, is checked for reversions with each new verson. It's pretty certain that particular bug is squashed. I suppose with access to enough archives one could find out who made the oversight in the late 1980's - but I don't see the point of looking. Everybody makes mistakes. One free software developer goofed and another cleaned up the goof once it came to light.
MSI 970A-G43 MB, AMD FX-6300 (six core), 16GB RAM, GeForce 730, Samsung 850 EVO 250GB SSD, Seagate Barracuda XT 3TB

mihail_bc
Forum Novice
Forum  Novice
Posts: 69
Joined: Sun May 21, 2017 4:24 pm

Re: AERIS/CIA on Debian?

#8 Post by mihail_bc » Mon Jul 31, 2017 3:17 am

ok, so was it a bug or a feature? :))) good to know everything is well now.

Post Reply

Return to “Desktop Environment”