SHELLSHOCK – BASH under attack

On September 24, two new vulnerabilities were published in the NIST database related to the shell used quite some time ago by Linux and Unix operating systems named BASH. The vulnerabilities are the CVE-2014-6271 and CVE-2014-7169. These vulnerabilities were given the collective name of SHELLSHOCK and is generating a lot of movement in the world of computer security for the tremendous impact it can cause.

What is SHELLSHOCK?

It is a vulnerability affecting a operating system program called GNU Bourne Again Shell (BASH) used by multiple platforms, including Unix, Linux, Mac OSX, iOS (iPhone) and Android, in addition to multiple devices such as routers, switches, modems, phones, and many more whose applications are based on any of the first.

What is the impact of Shellshock?

While the BASH program is for local use in the operating system, it can be invoked by any other operating system program, it can even be invoked from Web applications. So a vulnerability in this program has a very high impact level in the entire system.

For example: Web Systems using CGI calls to shells scripts written in BASH are affected by this vulnerability, in a specific case Apache, if you have enabled the mod_cgi or mod_cgid modules, but does not have just to be for Apache, this can affect to any Web server using CGI calls.

If you have PHP applications that invoke operating system shells that are written in BASH, may also be affected.

Demons with elevated privileges can also run scripts created with BASH shells, this is highly dangerous.

Programs can define environment variables that are used during the execution of your code. If you can create environment variables that contain malicious code, that code can be executed, the variable used to exploit the vulnerability.

In summary. The impact is very high and I have evidence to show that is being used to carry out attacks worldwide. Therefore, my call is for system administrators apply the appropriate patches immediately.

How to know if my computers are vulnerable to attack?

To determine if their computers are vulnerable to attack, just run the following code from the command line of your system:

env = x ‘() {:;}; Echo vulnerable ‘bash c “echo this is a test”

if you get the answer:

vulnerable

this is a test

then your computer is vulnerable, if not vulnerable, you will get a response like this:

bash: warning: x: ignoring function definition Attempt

bash: error importing function definition for ‘x’

this is a test

Currently a large number of manufacturers of security solutions and tools include within its mechanisms to detect if this vulnerability is present or not in their system.

As a recommendation, start applying patches to systems that are exposed directly to the Internet and then to the equipment and systems that are in the DMZ (demilitarized zones) and then to systems that are in the ZDC (trusted zones), and finally the other systems on private networks.

Anuncios

Responder

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s