Subsonic Forum

[Krosscheck]

I am running Subsonic 4.9 on a Windows 2008 server and have Symantec Endpoint Protection 12 for virus protection.

About 20-30 times a day, i see this pop up (message below). The traffic is blocked, but I'm wondering if htis is legit or if I should continue to block. Just wanted to see if anyone else noticed this on their subsonic servers.

[SID: 27907] OS Attack: GNU Bash CVE-2014-6271 attack blocked. Traffic has been blocked for this application: \DEVICE\HARDDISKVOLUME2\PROGRAM FILES (X86)\SUBSONIC\SUBSONIC-SERVICE.EXE

[Fluffhead27]

I am having the same thing happen and am curious if this is something I need to worry about as well. From what I can tell, Symantec is doing its job and there is nothing to worry about, but it does worry me that someone is constantly trying to attack my computer via Subsonic.

Some info: http://www.symantec.com/connect/blogs/s ... nerability
- Symantec has created an Intrusion Prevention signature for protection against this vulnerability: 27907 - OS Attack: GNU Bash CVE-2014-6271 (http://www.symantec.com/security_respon ... asid=27907).

I am running Subsonic 5.0 on Windows 7 using Norton Security Suite (Comcast/Xfinity version of Symantec's virus protection).

All the lines with "High" listed in the left column are this attack coming from various IP addresses, all targeting SUBSONIC-SERVICE.EXE


More detailed view

[alphawave7]

FYI..appears to be scans looking for shellshock exploits:
https://web.nvd.nist.gov/view/vuln/deta ... -2014-6271
http://en.wikipedia.org/wiki/Shellshock_(software_bug)