Welcome!

Please read this important information about MX sources lists.
News
  • MX Linux on social media: here
  • Mepis support still here
Current releases
  • MX-17 RC1 release info here
  • MX-16.1 release info here
  • antiX-17 release info here
    New users
    • Please read this first, and don't forget to add system and hardware information to posts!
    • Read Forum Rules

AERIS/CIA on Debian?

Message
Author
mihail_bc
Forum Novice
Forum  Novice
Posts: 64
Joined: Sun May 21, 2017 4:24 pm

AERIS/CIA on Debian?

#1 Postby mihail_bc » Sat Jul 29, 2017 11:02 am


Mauser
Forum Regular
Forum Regular
Posts: 211
Joined: Mon Jun 27, 2016 7:32 pm

Re: AERIS/CIA on Debian?

#2 Postby Mauser » Sat Jul 29, 2017 3:51 pm

It says Debian 7. MX-16.1 is based off of Debian 8. There is no date on that post, so who knows.

User avatar
timkb4cq
Forum Veteran
Forum Veteran
Posts: 3810
Joined: Wed Jul 12, 2006 4:05 pm

Re: AERIS/CIA on Debian?

#3 Postby timkb4cq » Sat Jul 29, 2017 4:47 pm

And it looks as though you had to have shell access to the debian system first in order to install Aeris. So rather than an exploit, it's a tool to use after the initial hack.
MSI 970A-G43 MB, AMD FX-6300 (six core), 16GB RAM, GeForce 730, Samsung 850 EVO 250GB SSD, Seagate Barracuda XT 3TB

User avatar
PhantomTramp
Forum Regular
Forum Regular
Posts: 277
Joined: Tue Jul 10, 2007 12:53 pm

Re: AERIS/CIA on Debian?

#4 Postby PhantomTramp » Sat Jul 29, 2017 5:15 pm

https://en.wikipedia.org/wiki/Shellshock_(software_bug)

Would this give shell access back then?

The Tramp

User avatar
timkb4cq
Forum Veteran
Forum Veteran
Posts: 3810
Joined: Wed Jul 12, 2006 4:05 pm

Re: AERIS/CIA on Debian?

#5 Postby timkb4cq » Sat Jul 29, 2017 6:01 pm

If you were running CGI scripts on your webserver that didn't carefully check passed parameters then yes, it could have.
That's why I don't have any CGI scripts that take any parameters on mxrepo.com. Since it really only serves static files I can get away with that.
And of course that bug was patched right away.
MSI 970A-G43 MB, AMD FX-6300 (six core), 16GB RAM, GeForce 730, Samsung 850 EVO 250GB SSD, Seagate Barracuda XT 3TB

mihail_bc
Forum Novice
Forum  Novice
Posts: 64
Joined: Sun May 21, 2017 4:24 pm

Re: AERIS/CIA on Debian?

#6 Postby mihail_bc » Sun Jul 30, 2017 12:08 pm

ok, so another question would be... how did it get into Debian 7? Did is shipped with the official distro? Who's to say it is missing in newer versions? Hhos to blame for this? Its more than a philosophy than a threat...

User avatar
timkb4cq
Forum Veteran
Forum Veteran
Posts: 3810
Joined: Wed Jul 12, 2006 4:05 pm

Re: AERIS/CIA on Debian?

#7 Postby timkb4cq » Sun Jul 30, 2017 9:56 pm

Shellshock (aka bashdoor) was a bug in the bash shell that was apparently introduced at least 2 years before the first Linux kernel, but wasn't noticed by Unix or Linux developers for 25 years. Bash was patched for it as soon as it was noticed in 2014, and bash, as a critical part of most distros, is checked for reversions with each new verson. It's pretty certain that particular bug is squashed. I suppose with access to enough archives one could find out who made the oversight in the late 1980's - but I don't see the point of looking. Everybody makes mistakes. One free software developer goofed and another cleaned up the goof once it came to light.
MSI 970A-G43 MB, AMD FX-6300 (six core), 16GB RAM, GeForce 730, Samsung 850 EVO 250GB SSD, Seagate Barracuda XT 3TB

mihail_bc
Forum Novice
Forum  Novice
Posts: 64
Joined: Sun May 21, 2017 4:24 pm

Re: AERIS/CIA on Debian?

#8 Postby mihail_bc » Mon Jul 31, 2017 3:17 am

ok, so was it a bug or a feature? :))) good to know everything is well now.


Return to “Desktop Environment”

Who is online

Users browsing this forum: No registered users and 2 guests