Erik
Message 1 of 9

CVE-2014-6271 - Custom Attack Rule for NSP

DearBytes SOC has generated an NSP custom attack rule based on the SNORT rule created by Volexity. (credits: CVE-2014-6271 – Remotely Exploitable Vulnerability in Bash | Volexity Blog)

This can be imported in NSP to detect and block attacks on CVE-2014-6172. The rule is set to HIGH severity. Depending on your own config (whether IPS high severity is in blocking mode), this may directly lead to traffic being blocked; please bear this in mind.

8 Replies
Reliable Contributor exbrit
Message 2 of 9

Re: CVE-2014-6172 - Custom Attack Rule for NSP

Moved to NSP as a better spot.

Moderator

Re: CVE-2014-6172 - Custom Attack Rule for NSP

Is this for CVE-2014-6271? Do you have a typo in the name?

Erik
Message 4 of 9

Re: CVE-2014-6172 - Custom Attack Rule for NSP

Ah nice. Yes, it's for CVE-2014-6271, aka Shellshock.

Erik
Message 5 of 9

Re: CVE-2014-6172 - Custom Attack Rule for NSP

I don't believe I am able to edit the post though ...

Reliable Contributor exbrit
Message 6 of 9

Re: CVE-2014-6271 - Custom Attack Rule for NSP

I've altered the main header but can't alter posts in-between unfortunately.

Peter

Moderator

Re: CVE-2014-6271 - Custom Attack Rule for NSP

So does McAfee Total Protection have updates that have thwarted this Shellshock or Bash Bug?

I have just made a huge mistake in posting here; now it plugs in a Pinterest link on its own with this post and I can't seem to edit it out. If this forum is screwy I wonder what else is. I should have stayed with ESET? Plus it hyperlinks all of this. Ehhhhhh

EDIT - There was an implied request in the above for someone to take out that Pinterest hyperlink. I have editing permissions as a Moderator, so I took it out as per the implied request. Editing someone else's post is not something I do, as a rule, but I hope you don't mind on this occasion. As to how a Pinterest link got in there: no-one else's posts have got one of those. If you're signed up to Pinterest it must be something to do with your account there. - Hayton

Re: CVE-2014-6271 - Custom Attack Rule for NSP

McAfee has already released one; the signature set is 7.6.41.5 and 8.6.41.5. The following KB will give more information. The NSP ID is 0x4513a700.

https://kc.mcafee.com/agent/index?page=content&id=KB83009

Regards,

Rukmal

Re: CVE-2014-6271 - Custom Attack Rule for NSP

Thank you rukmalf. I had searched the McAfee website but nothing pulled up under the Shellshock or Bash Bug and that is why I searched here and found nothing I could understand and why I posted here.

Edit - Oops, another Pinterest hyperlink. Removed as per the implied request (above). - Hayton
