Welcome, Guest: Register On Nairaland / LOGIN! / Trending / Recent / NewStats: 3,194,478 members, 7,954,861 topics. Date: Saturday, 21 September 2024 at 11:02 AM |
Nairaland Forum / Science/Technology / Programming / Bash Shell Vulnerability Affects Linux, Unix And Mac OS X (13255 Views)
Bash/shell Scripting In A Unix/linux Environment / Bash Shell Vulnerability Affects Linux,unix And Mac OS X / Iphone,ipad And MAC OS App Designers,where Art Thou? (2) (3) (4)
(1) (2) (3) (4) (Reply) (Go Down)
Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by Enouwem(m): 4:01pm On Sep 26, 2014 |
[img]http://1.bp..com/-VQ8KDBhjMDM/VCPBgN-AVvI/AAAAAAAAgd8/TLel5x_Xmeo/s728/bash-shellshock.png[/img] A Critical remotely exploitable vulnerability has been discovered in the widely used Linux and Unix command-line shell, known as Bash , aka the GNU Bourne Again Shell, leaving countless websites, servers, PCs, OS X Macs, various home routers, and many more open to the cyber criminals. Earlier today, Stephane Chazelas publicly disclosed the technical details of the remote code execution vulnerability in Bash which affects most of the Linux distributions and servers worldwide. REMOTELY EXPLOITABLE SHELLSHOCK The vulnerability (CVE-2014-6271) affects versions 1.14 through 4.3 of GNU Bash and being named as Bash Bug, and Shellshock by the Security researchers on the Internet discussions. According to the technical details, a hacker could exploit this bash bug to execute shell commands remotely on a target machine using specifically crafted variables. “In many common configurations, this vulnerability is exploitable over the network, ” Stephane said. This 22-year-old vulnerability stems from the way bash handles specially-formatted environment variables, namely exported shell functions. When assigning a function to a variable, trailing code in the function definition will be executed. BASH BUG AFFECTS MILLIONS OF SYSTEMS While bash is not directly used by remote users, but it is a common shell for evaluating and executing commands from other programs, such as web server or the mail server. So if an application calls the Bash shell command via web HTTP or a Common-Gateway Interface (CGI) in a way that allows a user to insert data, the web server could be hacked. In Simple words, If Bash has been configured as the default system shell, an attacker could launch malicious code on the server just by sending a specially crafted malicious web request by setting headers in a web request, or by setting weird mime types. Proof-of-concept code for cgi-bin reverse shell has been posted on the Internet. Similar attacks are possible via OpenSSH, “We have also verified that this vulnerability is exposed in ssh—but only to authenticated sessions. Web applications like cgi- scripts may be vulnerable based on a number of factors; including calling other applications through a shell, or evaluating sections of code through a shell.” Stephane warned. But if an attacker does not have an SSH account this exploit would not work. This is a serious risk to Internet infrastructure, just like Heartbleed bug, because Linux not only runs the majority of the servers but also large number of embedded devices, including Mac OS X laptops and Android devices are also running the vulnerable version of bash Software. NIST vulnerability database has rated this vulnerability “10 out of 10” in terms of severity. HOW TO CHECK FOR VULNERABLE SHELL To determine if a Linux or Unix system is vulnerable, run the following command lines in your linux shell: env X="() { :;} ; echo shellshock" /bin/sh -c "echo completed" env X="() { :;} ; echo shellshock" `which bash` -c "echo completed" If you see the words "shellshock" in the output, errrrr… then you are at risk. BASH BUG PATCH You are recommended to disable any CGI scripts that call on the shell, but it does not fully mitigate the vulnerability. Many of the major operating system and Linux distribution vendors have released the new bash software versions today, including: Red Hat Enterprise Linux (versions 4 through 7) and the Fedora distribution CentOS (versions 5 through 7) Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS Debian If your system is vulnerable to bash bug, then you are highly recommended to upgrade your bash software package as soon as possible. Source: http://thehackernews.com/2014/09/bash-shell-vulnerability-shellshock.html?m=1 5 Likes |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by Enouwem(m): 4:14pm On Sep 26, 2014 |
You can use these Shellshock Bash Vulnerability Online scanner to scan your servers: (1) http://bashsmash.ccsir.org/ (2) http://shellshock.brandonpotter.com/ (3) http://www.shellshocktest.com/ 2 Likes 1 Share |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by Enouwem(m): 4:16pm On Sep 26, 2014 |
Everything you need to know about the exploit: http://www.google.com/m?q=Shellshock+exploit+&client=ms-opera-mini-android&channel=new |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by Innodon(m): 7:19pm On Sep 26, 2014 |
noted |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by otijah(m): 7:19pm On Sep 26, 2014 |
@op I swear u didn't even und what you posted, neigther do I, but all am saying iS no bash or born again Shell weapon formed against NL Shall prosper. Say amen by clicking like 21 Likes |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by Nobody: 7:20pm On Sep 26, 2014 |
how am i not sure that command will not bring d virus lol 1 Like |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by TeGaTeGa1(m): 7:20pm On Sep 26, 2014 |
Please who has that pic that a funny Nigerian actor has his hands on his head with a caption "CHISOS" 11 Likes |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by merieam16(f): 7:20pm On Sep 26, 2014 |
Wat er dis 1ce sayin ,sumbori pls explain 1 Like 1 Share |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by victorazy(m): 7:21pm On Sep 26, 2014 |
Ok 1 Like |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by ClintonNzedimma(m): 7:21pm On Sep 26, 2014 |
Make ona dey execute commands. Your system might be vulnerable to even Ebola 1 Like |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by datguru: 7:22pm On Sep 26, 2014 |
All hail the great russians 1 Like |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by victorazy(m): 7:23pm On Sep 26, 2014 |
merieam16: Wat er dis 1ce sayin ,sumbori pls explain Nne u fine too much, u resemble beverly O. Ur libs is kissable. 1 Like |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by englishmart(m): 7:24pm On Sep 26, 2014 |
Nobody needs book space on threads like this. Coz e no go get pass 2 pages. 2 Likes |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by uken73(m): 7:24pm On Sep 26, 2014 |
This is dangerous. |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by sibepoc(m): 7:24pm On Sep 26, 2014 |
Seriously?? |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by mrdrizzy(m): 7:24pm On Sep 26, 2014 |
Mehn na gibberish i dey see here.. Lol. Thanks anyway 1 Like |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by sirjohnson(m): 7:24pm On Sep 26, 2014 |
Hmmm, am scared |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by lilprinze: 7:24pm On Sep 26, 2014 |
h |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by Nobody: 7:24pm On Sep 26, 2014 |
Xo Microsoft is safer *chuckle* it won't be in another case of bug anyway I still stand my ground that digital age is a transparent age, some one will always know his way around a highly secured System. 2 Likes 1 Share |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by victorazy(m): 7:25pm On Sep 26, 2014 |
ClintonNzedimma: . Is that the size of ur brain? 6 Likes 1 Share |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by ajahexcel(m): 7:25pm On Sep 26, 2014 |
booked |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by calobinna(m): 7:25pm On Sep 26, 2014 |
hmmm....na sharp stuffs for hacking dudes..i guess Stephane Chazelas has spoilt business for boys! for those who love weed and wants it to be legalized... follow this link www.nairaland.com/1889887/thread-those-love-weed#26056777 1 Like |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by dre101(m): 7:25pm On Sep 26, 2014 |
Thanks for sharing the info. |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by victorazy(m): 7:26pm On Sep 26, 2014 |
lilprinze: h Lacomus: F Are we learning ABCD? 6 Likes |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by foliman(m): 7:26pm On Sep 26, 2014 |
. |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by Austindark(m): 7:26pm On Sep 26, 2014 |
englishmart: Nobody needs book space on threads like this. ur head dey wella 1 Like |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by zizazizu: 7:26pm On Sep 26, 2014 |
Make una come tell us in plain English wetin this one mean. Are we safe? If not, what is not safe. What can we do to make it safe? Instead of gisting us about BASH (Bash Ali ba) and GNU (that sounds like an animal)! No offence meant though. 4 Likes 2 Shares |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by uzoexcel(m): 7:26pm On Sep 26, 2014 |
never knew upgrading my ubuntu 14.04 ASAP |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by merieam16(f): 7:27pm On Sep 26, 2014 |
victorazy:tankz buh wz dat d explainatn 1 Like |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by Nobody: 7:27pm On Sep 26, 2014 |
Its a vulnerability that Hackers can exploit and get root access to your server.. That's the best explanation for newbies 5 Likes |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by maxit2(m): 7:28pm On Sep 26, 2014 |
Enouwem: You can use these Shellshock Make i use am check Nairaland.com before another wahala happen.. UPDATE: No need to panic. Just checked and our dear NL is safe. |
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by PastorOluT(m): 7:28pm On Sep 26, 2014 |
Secured! |
How To Build A Forum Website Like Nairaland .com / Most Used Mysql Database Functions / After 10days Of Coding With Html, Css And Javascript Forum4africa Is Ready
(Go Up)
Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health religion celebs tv-movies music-radio literature webmasters programming techmarket Links: (1) (2) (3) (4) (5) (6) (7) (8) (9) (10) Nairaland - Copyright © 2005 - 2024 Oluwaseun Osewa. All rights reserved. See How To Advertise. 24 |