'Shellshock' BASH Vulnerability Discovered
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: 'Shellshock' BASH Vulnerability Discovered
'Shellshock' BASH Vulnerability Discovered
24-09-2014 11:43 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
[Quote=http://www.tomsguide.com/us/shellshock-osx-linux,news-19614.html]
A fundamental flaw in one of the most basic functions of OS X, Linux, UNIX and related operating systems was revealed and patched today (Sept. 24) by software developers. The Bash "shell," or command-line interface for UNIX-like systems, allows injection of random, possibly malicious, code following commands, and automatically executes that code without verifying it. Today's patch prevents that code execution...
Re: 'Shellshock' BASH Vulnerability Discovered
25-09-2014 1:46 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote Shell scripts which do not export variables are not vulnerable to this issue, even if they process untrusted content and store it in (unexported) shell variables and open subshells.
(Majority of shell scripts) ?
Unless somebody has been very reckless with security, this bug would only affect a single user.
"In The Beginning Was The Word, And The Word Was Aardvark."
Re: 'Shellshock' BASH Vulnerability Discovered
25-09-2014 11:46 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: 'Shellshock' BASH Vulnerability Discovered
25-09-2014 1:57 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Anyway DD-WRT seems ok >>> http://www.dd-wrt.com/phpBB2/viewtopic.php?t=268805
Added: "I'm still unsure how are any embedded devices (routers among them) vulnerable to this particular CVE.
Can you please point me at router firmware (or custom router firmware) that actually uses bash, the latter being one of the slowest and resource-hogging shells? Almost all Linux-based routers run Busybox, which implements its own tiny shell.
This also does not affect the majority of *NIX/BSD servers as those usually don't have bash (besides possible personal user shells, and those that host CGI scripts that specifically use #!/usr/bin/bash instead of #!/bin/sh; /bin/sh is never bash in this case). Same can be said about Ubuntu which uses dash as its /bin/sh replacement. As in, the vulnerability can be exploited on these systems, but only locally (and probably only if there are setuid bash scripts, otherwise all you get is run some code with your own effective UID/GID)."
Re: 'Shellshock' BASH Vulnerability Discovered
25-09-2014 2:09 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: 'Shellshock' BASH Vulnerability Discovered
26-09-2014 12:00 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
https://www.cert.gov.uk/resources/alerts/update-bash-vulnerability-aka-shellshock/
Re: 'Shellshock' BASH Vulnerability Discovered
26-09-2014 12:14 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
I've read one description and I'm still trying to understand how content from the HTTP header gets passed to the shell in the first place. Its something to do with the way environment variables are set I think, but as I understand it in an unsafe/unauthenticated environment everything must be done using direct calls not via a command shell to prevent the risk of an attacker inserting metacharacters that could execute commands. Any use of any command shell invites this kind of attack, since any future version of the shell or alternative shell could add a new separator that the filter would not filter out.
Was the shell ever designed to be secure anyway? It was always expected to be run in an authenticated environment.
OK I think I get it a bit more now, its that the function definition happens even though its put inside quotes. "Oh we'll put quotes round it that's sure to make it safe". Facepalm.
Re: 'Shellshock' BASH Vulnerability Discovered
26-09-2014 7:01 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Web servers are of primary concern as they tend to execute external code to generate page content and place some of the received header fields and content in environment variables to give the sub-process the context it requires. Any server which launches sub-processes and sets up environment variables using client supplied content is at potential risk.
With regards to security, the ability to run the shell and issue command usually requires direct access (physically or through another interface like SSH or telnet) or is being launched from what would be considered an trusted program. As such, there's not a lot else that can be done as the authentication has already occurred before the shell is executed.
Re: 'Shellshock' BASH Vulnerability Discovered
26-09-2014 11:25 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
"In The Beginning Was The Word, And The Word Was Aardvark."
Re: 'Shellshock' BASH Vulnerability Discovered
27-09-2014 10:50 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: 'Shellshock' BASH Vulnerability Discovered
27-09-2014 12:38 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: 'Shellshock' BASH Vulnerability Discovered
27-09-2014 1:49 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: 'Shellshock' BASH Vulnerability Discovered
27-09-2014 4:47 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
"In The Beginning Was The Word, And The Word Was Aardvark."
Re: 'Shellshock' BASH Vulnerability Discovered
05-10-2014 7:55 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Quote from: 11110_110 Can you please point me at router firmware (or custom router firmware) that actually uses bash
Not sure about every vendor but Cisco's list of affected devices are published http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Other forums
- :
- Tech Help - Software/Hardware etc
- :
- Re: 'Shellshock' BASH Vulnerability Discovered