[nmglug] Critical Vulnerability in bash

Max Bond max.o.bond at gmail.com
Thu Sep 25 22:03:29 PDT 2014


Yeah, my bad on talking about home routers, you're right about BusyBox.
This vuln was a paper tiger, and not even as serious as the other
vulnerabilities discovered yesterday.

On Thu, Sep 25, 2014 at 8:43 AM, Sam Noble <s at mnoble.net> wrote:

> On Wed, Sep 24, 2014 at 11:24:35PM -0600, Max Bond wrote:
> > There is a critical vulnerability in bash which can often lead to remote
> > execution of code or local elevation of privileges.
> >
> > There's a patch in the repositories but it doesn't actually fix the issue
> > yet.
> >
> > Bring down everything you can; don't connect to distrusted DHCP servers;
> > Apple is also affected, as are Android and iPhones; this is going to have a
> > huge fallout. Be prepared to update your home router. Most routers rely on
> > bash CGIs which are the biggest attack vector. Worms are imminently
> > expected.
> >
> >
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
> The DHCP thing is interesting, and this _is_ a serious deal for
> webservers with mod_cgi, but the home router thing, which I keep hearing
> people say, is going to be crazy rare. Unless you're like me and
> manually install bash in libreWRT/openWRT etc, /bin/sh is nearly
> certainly pointing to busybox and its built-in ash shell.
>
> Otherwise it looks to me like this mostly falls back to being an
> un-scary local exploit, right? Like if you have credentialed but
> untrusted local users?
>
> Now I have to rethink that public shell server business that was going
> to make me env RICHNESS_LEVEL='(ALIBABAIPO) { :;}; dpkg-vendor --is
> debian || debootstrap stable /' echo $RICHNESS_LEVEL
>
> --
> sam
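The thread singles out web servers running CGI through mod_cgi as the serious exposure. As an added example (not part of the thread or of any project mentioned in it), this Python scan flags Apache combined-format access-log entries whose logged header values begin with bash's function-definition marker `() {`; the log lines are constructed and the name `find_suspect_requests` is hypothetical.

```python
import re

# Bash read an environment value beginning with "() {" as a function
# definition; CGI copies request headers into HTTP_* environment variables.
FUNC_PREFIX = re.compile(r"^\s*\(\)\s*\{")
QUOTED = r'"((?:[^"\\]|\\.)*)"'          # quoted field, allowing \" escapes
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' \d{3} \S+ '
                  + QUOTED + ' ' + QUOTED + '$')

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [25/Sep/2014:08:43:01 -0600] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.7 - - [25/Sep/2014:08:44:12 -0600] "GET /cgi-bin/status HTTP/1.1" 200 87 "-" "() { :;}; echo constructed-sample"
203.0.113.5 - - [25/Sep/2014:08:45:30 -0600] "GET /cgi-bin/status HTTP/1.1" 200 87 "() { ignored; }; echo constructed-sample" "curl/7.38.0"
192.0.2.44 - - [25/Sep/2014:08:46:02 -0600] "GET /docs/func(){} HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.9 truncated entry "() { :;}; echo constructed-sample
"""


def find_suspect_requests(log_text):
    """Return (line_no, client, field, request) for each suspicious header."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        m = LINE.match(line)
        if m is None:
            # Unparsable line: still report it if the marker appears anywhere.
            if "() {" in line:
                hits.append((line_no, None, "unparsed", line))
            continue
        client, request, referer, agent = m.groups()
        for field, value in (("referer", referer), ("user-agent", agent)):
            if FUNC_PREFIX.match(value):
                hits.append((line_no, client, field, request))
    return hits


if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```

The combined format records only the Referer and User-Agent headers, so a marker carried in any other header will not appear in these logs unless the LogFormat is extended to capture it.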