₦airaland Forum

Welcome, Guest: Join Nairaland / LOGIN! / Trending / Recent / New
Stats: 1,990,836 members, 4,196,973 topics. Date: Thursday, 19 April 2018 at 02:52 PM

Bash Shell Vulnerability Affects Linux, Unix And Mac OS X - Programming - Nairaland

Nairaland Forum / Science/Technology / Programming / Bash Shell Vulnerability Affects Linux, Unix And Mac OS X (11559 Views)

Bash/shell Scripting In A Unix/linux Environment / Bash Shell Vulnerability Affects Linux,unix And Mac OS X / Iphone,ipad And MAC OS App Designers,where Art Thou? (1) (2) (3) (4)

(0) (1) (2) (3) (Reply) (Go Down)

Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by Enouwem(m): 4:01pm On Sep 26, 2014


A Critical remotely exploitable vulnerability has been discovered in the
widely used Linux and Unix command-line
shell, known as Bash , aka the GNU
Bourne Again Shell, leaving countless
websites, servers, PCs, OS X Macs, various
home routers, and many more open to the
cyber criminals.
Earlier today, Stephane Chazelas publicly
disclosed the technical details of the
remote code execution vulnerability in
Bash which affects most of the Linux
distributions and servers worldwide.
REMOTELY EXPLOITABLE SHELLSHOCK
The vulnerability (CVE-2014-6271)
affects versions 1.14 through 4.3 of GNU
Bash and being named as Bash Bug, and
Shellshock by the Security researchers on
the Internet discussions.
According to the technical details, a
hacker could exploit this bash bug to
execute shell commands remotely on a
target machine using specifically crafted
variables. “In many common
configurations, this vulnerability is
exploitable over the network, ” Stephane
said.
This 22-year-old vulnerability stems from
the way bash handles specially-formatted
environment variables, namely exported
shell functions. When assigning a function
to a variable, trailing code in the function
definition will be executed.
BASH BUG AFFECTS MILLIONS OF
SYSTEMS

While bash is not directly used by remote
users, but it is a common shell for
evaluating and executing commands from
other programs, such as web server or the
mail server. So if an application calls the
Bash shell command via web HTTP or a
Common-Gateway Interface (CGI) in a
way that allows a user to insert data, the
web server could be hacked.
In Simple words, If Bash has been
configured as the default system shell, an
attacker could launch malicious code on
the server just by sending a specially
crafted malicious web request by setting
headers in a web request, or by setting
weird mime types. Proof-of-concept code
for cgi-bin reverse shell has been posted
on the Internet.
Similar attacks are possible via
OpenSSH, “We have also verified
that this vulnerability is exposed in
ssh—but only to authenticated
sessions. Web applications like cgi-
scripts may be vulnerable based on
a number of factors; including
calling other applications through a
shell, or evaluating sections of code
through a shell.” Stephane warned.
But if an attacker does not have an
SSH account this exploit would not
work.
This is a serious risk to Internet
infrastructure, just like Heartbleed bug,
because Linux not only runs the majority
of the servers but also large number of
embedded devices, including Mac OS X
laptops and Android devices are also
running the vulnerable version of bash
Software. NIST vulnerability database has
rated this vulnerability “10 out of 10” in
terms of severity.
HOW TO CHECK FOR VULNERABLE
SHELL

To determine if a Linux or Unix system is
vulnerable, run the following command
lines in your linux shell:
env X="() { :;} ; echo
shellshock" /bin/sh -c "echo
completed"
env X="() { :;} ; echo shellshock"
`which bash` -c "echo
completed"

If you see the words "shellshock" in the
output, errrrr… then you are at risk.
BASH BUG PATCH
You are recommended to disable any CGI
scripts that call on the shell, but it does
not fully mitigate the vulnerability. Many
of the major operating system and Linux
distribution vendors have released the
new bash software versions today,
including:
Red Hat Enterprise Linux (versions 4
through 7) and the Fedora distribution
CentOS (versions 5 through 7)
Ubuntu 10.04 LTS, 12.04 LTS, and
14.04 LTS
Debian
If your system is vulnerable to bash bug,
then you are highly recommended to
upgrade your bash software package as
soon as possible.
Source: http://thehackernews.com/2014/09/bash-shell-vulnerability-shellshock.html?m=1

5 Likes

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by Enouwem(m): 4:14pm On Sep 26, 2014
You can use these Shellshock
Bash Vulnerability Online scanner to scan your servers:
(1) http://bashsmash.ccsir.org/
(2) http://shellshock.brandonpotter.com/
(3) http://www.shellshocktest.com/

2 Likes 1 Share

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by Enouwem(m): 4:16pm On Sep 26, 2014
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by Innodon(m): 7:19pm On Sep 26, 2014
noted
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by otijah(m): 7:19pm On Sep 26, 2014
@op I swear u didn't even und what you posted, neigther do I, but all am saying iS no bash or born again Shell weapon formed against NL Shall prosper. Say amen by clicking like

21 Likes

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by ikp4succes(m): 7:20pm On Sep 26, 2014
how am i not sure that command will not bring d virus lol

1 Like

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by TeGaTeGa1(m): 7:20pm On Sep 26, 2014
Please who has that pic that a funny Nigerian actor has his hands
on his head with a caption "CHISOS"

11 Likes

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by merieam16(f): 7:20pm On Sep 26, 2014
Wat er dis 1ce sayin undecided,sumbori pls explain

1 Like 1 Share

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by victorazy(m): 7:21pm On Sep 26, 2014
Ok

1 Like

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by ClintonNzedimma(m): 7:21pm On Sep 26, 2014
Make ona dey execute commands.
Your system might be vulnerable to even Ebola

1 Like

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by datguru: 7:22pm On Sep 26, 2014
All hail the great russians

1 Like

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by victorazy(m): 7:23pm On Sep 26, 2014
merieam16: Wat er dis 1ce sayin undecided,sumbori pls explain

Nne u fine too much, u resemble beverly O. Ur libs is kissable.

1 Like

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by englishmart(m): 7:24pm On Sep 26, 2014
Nobody needs book space on threads like this.
Coz e no go get pass 2 pages.

1 Like

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by uken73(m): 7:24pm On Sep 26, 2014
This is dangerous.
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by sibepoc(m): 7:24pm On Sep 26, 2014
Seriously??
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by mrdrizzy(m): 7:24pm On Sep 26, 2014
Mehn na gibberish i dey see here..

Lol.

Thanks anyway

1 Like

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by sirjohnson(m): 7:24pm On Sep 26, 2014
Hmmm, am scared
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by lilprinze: 7:24pm On Sep 26, 2014
h
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by Lacomus(m): 7:24pm On Sep 26, 2014
Xo Microsoft is safer *chuckle* it won't be in another case of bug anyway I still stand my ground that digital age is a transparent age, some one will always know his way around a highly secured System.

2 Likes 1 Share

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by victorazy(m): 7:25pm On Sep 26, 2014
ClintonNzedimma: .

Is that the size of ur brain?

6 Likes 1 Share

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by ajahexcel(m): 7:25pm On Sep 26, 2014
booked
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by calobinna(m): 7:25pm On Sep 26, 2014
hmmm....na sharp stuffs for hacking dudes..i guess Stephane Chazelas has spoilt business for boys!
for those who love weed and wants it to be legalized... follow this link www.nairaland.com/1889887/thread-those-love-weed#26056777

1 Like

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by dre101(m): 7:25pm On Sep 26, 2014
Thanks for sharing the info.
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by victorazy(m): 7:26pm On Sep 26, 2014
lilprinze: h
Lacomus: F

Are we learning ABCD?

6 Likes

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by foliman(m): 7:26pm On Sep 26, 2014
.
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by Austindark(m): 7:26pm On Sep 26, 2014
englishmart: Nobody needs book space on threads like this.
Coz e no go get pass 2 pages.

ur head dey wella

1 Like

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by zizazizu: 7:26pm On Sep 26, 2014
Make una come tell us in plain English wetin this one mean. Are we safe? If not, what is not safe. What can we do to make it safe? Instead of gisting us about BASH (Bash Ali ba) and GNU (that sounds like an animal)! No offence meant though.

4 Likes 2 Shares

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by uzoexcel(m): 7:26pm On Sep 26, 2014
never knew

upgrading my ubuntu 14.04 ASAP
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by merieam16(f): 7:27pm On Sep 26, 2014
victorazy:

Nne u fine too much, u resemble beverly O. Ur libs is kissable.
tankz buh wz dat d explainatn

1 Like

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by JohnnySarz(m): 7:27pm On Sep 26, 2014
Its a vulnerability that Hackers can exploit and get root access to your server.. That's the best explanation for newbies

5 Likes

Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by maxit2(m): 7:28pm On Sep 26, 2014
Enouwem: You can use these Shellshock
Bash Vulnerability Online scanner to scan your servers:
(1) http://bashsmash.ccsir.org/
(2) http://shellshock.brandonpotter.com/
(3) http://www.shellshocktest.com/

Make i use am check Nairaland.com before another wahala happen..

UPDATE:
No need to panic. Just checked and our dear NL is safe.
Re: Bash Shell Vulnerability Affects Linux, Unix And Mac OS X by PastorOluT(m): 7:28pm On Sep 26, 2014
Secured!

(0) (1) (2) (3) (Reply)

Creating An Open-source Java Web Service / Updates From #ForLoopAbuja / Hope For C++ Newbies: Gui Toolkits

(Go Up)

Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health
religion celebs tv-movies music-radio literature webmasters programming techmarket

Links: (0) (1) (2) (3) (4) (5) (6) (7) (8) (9)

Nairaland - Copyright © 2005 - 2018 Oluwaseun Osewa. All rights reserved. See How To Advertise. 85
Disclaimer: Every Nairaland member is solely responsible for anything that he/she posts or uploads on Nairaland.