  1. #1
    BG Content
    Join Date
    Oct 2005
    Posts
    62,815
    BG Level
    10
    FFXIV Character
    Six Souls
    FFXIV Server
    Gilgamesh
    FFXI Server
    Quetzalcoatl
    WoW Realm
    Malorne
    Blog Entries
    9

    Shellshock: A Heartbleed-like Vulnerability for Unix/Linux & Apple Operating Systems

    The flaw has been found in a software component known as Bash, which is a part of many Linux systems as well as Apple's Mac operating system.

    The bug, dubbed Shellshock, can be used to remotely take control of almost any system using Bash, researchers said.

    Some 500,000 machines worldwide were thought to have been vulnerable to Heartbleed. But early estimates, which experts said were conservative, suggest that Shellshock could hit at least 500 million machines.

    The problem is particularly serious given that many web servers are run using the Apache system, software which includes the Bash component.
    http://www.bbc.com/news/technology-29361794
    https://www.us-cert.gov/ncas/current...-Vulnerability

    It is already being widely used for botnets; it is an easy vulnerability to exploit.
    So far, thousands of servers have been compromised via Shellshock and some have been used to bombard web firms with data, said experts.

    One group used their Shellshock botnet to bombard machines run by Akamai with huge amounts of junk data to try to knock them offline. Another group used its botnet to scan for more machines that are vulnerable.

    Jaime Blasco, a researcher at security firm AlienVault, said its honeypot had seen scans and attacks that used Shellshock. The scans simply informed attackers that a server was vulnerable, he wrote, but others attempted to install malware to put that machine under an attacker's control.
    http://www.bbc.com/news/technology-29375636
    http://www.alienvault.com/open-threa...21-in-the-wild
    http://www.theregister.co.uk/2014/09...rm_type_fears/
    https://www.cert.gov.uk/resources/al...ka-shellshock/
    https://community.rapid7.com/communi...-cve-2014-6271

  2. #2
    The Shitlord
    Join Date
    Feb 2008
    Posts
    11,366
    BG Level
    9
    FFXIV Character
    Kharo Hadakkus
    FFXIV Server
    Hyperion
    FFXI Server
    Sylph
    WoW Realm
    Rivendare


  3. #3
    The Tower
    Join Date
    Apr 2005
    Posts
    2,160
    BG Level
    7
    FFXIV Character
    Stromgarde Siren
    FFXIV Server
    Gilgamesh
    FFXI Server
    Siren

    This is an order of magnitude worse than Heartbleed. I've seen PoCs granting shell access via injections in the User-Agent string.
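
As an added example (not code from this thread or from any of the linked articles), here is a small detector that parses Apache/nginx combined-format access log lines and flags requests whose User-Agent, Referer or request line carries the bash function-definition signature ("() {") that Shellshock payloads smuggle into CGI environment variables. The log lines are constructed for the example, the payload strings in them are inert, and the regex is a generalisation that also tolerates extra whitespace inside the signature.

```python
"""Flag Shellshock-style (CVE-2014-6271) probes in web server access logs.

Added example for defenders: parses combined-format access log lines and
reports requests whose User-Agent, Referer or request line contain the
bash function-definition marker "() {" that Shellshock payloads rely on.
"""
import re

# Combined log format. Apache escapes embedded quotes as \" so the quoted
# fields accept either a non-quote character or a backslash escape.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<req>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<ref>(?:[^"\\]|\\.)*)" "(?P<ua>(?:[^"\\]|\\.)*)"$'
)

# The signature: "()" followed by "{", with optional whitespace. Matching on
# whitespace variants catches probes that pad the marker to dodge naive
# string matches on the literal "() {".
SHELLSHOCK_RE = re.compile(r"\(\s*\)\s*\{")

# Constructed sample log (not real traffic). Lines 1 and 3 carry inert
# probe strings in the User-Agent and Referer fields; line 2 is benign.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Sep/2014:10:01:12 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo shellshock-probe"
198.51.100.7 - - [25/Sep/2014:10:01:15 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.9 - - [25/Sep/2014:10:02:01 +0000] "GET /cgi-bin/test.cgi HTTP/1.1" 404 210 "(  ) { :; }; /bin/true" "curl/7.35.0"
"""


def parse_combined(line):
    """Return the fields of one combined-format log line, or None if it
    does not parse (malformed lines are skipped rather than crashing)."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_shellshock(log_text):
    """Scan a block of log text and return one record per suspicious
    request: the line number, source IP, the field that carried the
    marker and the request line, so an analyst can pivot on the source."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        rec = parse_combined(line)
        if rec is None:
            continue
        # Check the fields a CGI wrapper exports into the environment
        # (HTTP_USER_AGENT, HTTP_REFERER, REQUEST_URI and friends).
        for field in ("ua", "ref", "req"):
            if SHELLSHOCK_RE.search(rec[field]):
                hits.append({
                    "line": lineno,
                    "ip": rec["ip"],
                    "field": field,
                    "request": rec["req"],
                })
                break  # one report per request is enough
    return hits


if __name__ == "__main__":
    for hit in find_shellshock(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['ip']} sent marker in "
              f"{hit['field']} for {hit['request']!r}")
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents; a hit means the request reached the server, not that it succeeded, so cross-check the status code and whether the target path is actually served through a CGI handler.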

  4. #4

    I've yet to see any examples using this to escape to root or any shell privileges. I guess it all relies on what exactly your http user is set to do and whether you have a chrooted environment.

  5. #5
    I Am, Who I Am.
    Join Date
    Nov 2005
    Posts
    15,994
    BG Level
    9
    FFXIV Character
    Trixi Sephyuyx
    FFXIV Server
    Excalibur
    FFXI Server
    Ragnarok

    Honestly I think more of these outbreaks need to occur more often. Forces companies to update their crap whiteboxes and code.

  6. #6
    The Shitlord
    Join Date
    Feb 2008
    Posts
    11,366
    BG Level
    9
    FFXIV Character
    Kharo Hadakkus
    FFXIV Server
    Hyperion
    FFXI Server
    Sylph
    WoW Realm
    Rivendare

    DID NO ONE GET MY JOKE?!

  7. #7
    listen!
    Join Date
    Apr 2011
    Posts
    7,236
    BG Level
    8
    FFXI Server
    Sylph

    Quote Originally Posted by BaneTheBrawler:
        DID NO ONE GET MY JOKE?!

    nope

  8. #8
    The Shitlord
    Join Date
    Feb 2008
    Posts
    11,366
    BG Level
    9
    FFXIV Character
    Kharo Hadakkus
    FFXIV Server
    Hyperion
    FFXI Server
    Sylph
    WoW Realm
    Rivendare

    Shoulda led with this, I guess.


  9. #9

    Quote Originally Posted by SephYuyX:
        Honestly I think more of these outbreaks need to occur more often. Forces companies to update their crap whiteboxes and code.

    bash and openssh are both open source lol.

    Quote Originally Posted by BaneTheBrawler:
        DID NO ONE GET MY JOKE?!

    I got it Bane, don't worry man

  10. #10
    Remit One (1) Custom Title
    Join Date
    Sep 2007
    Posts
    2,442
    BG Level
    7
    FFXIV Character
    Qeomash Pandemonium
    FFXIV Server
    Cactuar
    FFXI Server
    Asura

    I just love the flexibility of this one. You can induce the other machine to be a DDoS client by having it ping something, download and run some other software, or invoke a fork bomb.... The possibilities!

  11. #11
    Melee Summoner
    Join Date
    Aug 2013
    Posts
    31
    BG Level
    1

    Meanwhile...


  12. #12

    That hurts my heart, having written many scripts for bash when I was in a sys admin class.

  13. #13
    A. Body
    Join Date
    May 2008
    Posts
    4,168
    BG Level
    7
    FFXIV Character
    Minerva Kissaki
    FFXIV Server
    Gilgamesh
    FFXI Server
    Leviathan

    i thought thread name was sherlock <___<

    im sure im not the only one

  14. #14

    http://weev.livejournal.com/409835.html

    Quote:
        Dear clueless assholes: stop bashing bash and GNU.

    Quote Originally Posted by Qeomash:
        I just love the flexibility of this one. You can induce the other machine to be a DDoS client by having it ping something, download and run some other software, or invoke a fork bomb.... The possibilities!

    Don't allow anyone other than root to modify permissions on files, or use wget / nc / scp or any other method of downloading files on a webserver or whatever unless it's needed, and if so, restrict that user to hell.

  15. #15
    Remit One (1) Custom Title
    Join Date
    Sep 2007
    Posts
    2,442
    BG Level
    7
    FFXIV Character
    Qeomash Pandemonium
    FFXIV Server
    Cactuar
    FFXI Server
    Asura

    Quote:
        Dear clueless assholes

    I'd just like to point out this was posted on LiveJournal.

  16. #16
    The Fucking Voice of Actually
    Join Date
    Nov 2007
    Posts
    10,274
    BG Level
    9
    FFXIV Character
    Cantih Hacos
    FFXIV Server
    Gilgamesh
    FFXI Server
    Bahamut
    Blog Entries
    6

    There are an unusual number of tech people who still use it, or, maybe have their own blogsite but mirror stuff to LJ.

  17. #17
    Chram
    Join Date
    Jun 2007
    Posts
    2,842
    BG Level
    7
    FFXIV Character
    Skai Aetheris
    FFXIV Server
    Gilgamesh

    Quote Originally Posted by shidobu:
        i thought thread name was sherlock <___<

        im sure im not the only one

    You're not the only one bro!

  18. #18

    So reading through Troy Hunt, CGI scripts require no authentication to run in bash? That makes this a lot more fun; just downloaded the pentest VM to fuck around in with Burp.

  19. #19

    To add onto this, in Linux most services run as a user designated for that service (ex: ftp, http, apache, blahblah) as a security measure to prevent this sort of thing. Someone pointed out though that while dhcp has its own user, some dhcp scripts are run as root, which can open up a hole.