[Nottingham] Free Software Foundation statement on the GNU Bash "shellshock" vulnerability
Mike Cardwell
nlug at lists.grepular.com
Fri Sep 26 12:39:26 UTC 2014
* on the Fri, Sep 26, 2014 at 10:56:29AM +0100, Paul wrote:
> The problem not only effects bash but can also be exploited on apache,
> python etc. Check out the Red Hat security blog
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
That's not strictly true. The problem is with bash only. Now, there are
lots of pieces of software which allow untrusted parties to set
arbitrary environment variables (which is ok behaviour). If you can
access one of those pieces of software, set an environment variable,
and then get it to run bash, then you can exploit bash. Apache isn't
vulnerable, but if you happen to use Apache to run a CGI script,
which it's self triggers bash to be executed, for example a Perl
script which uses the system function, then there is a hole through
which you can exploit the vulnerability in bash. Because you can
set e.g the "HTTP_REFERER" environment variable in the CGI script
by just sending "Referer: exploit code" in the HTTP headers of
your request.
The important thing to take away from this is: Update your boxes
today or you have a serious risk of being owned.
Mike
--
Mike Cardwell https://grepular.com https://emailprivacytester.com
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 598 bytes
Desc: Digital signature
URL: <http://mailman.lug.org.uk/pipermail/nottingham/attachments/20140926/2665e199/attachment.pgp>
More information about the Nottingham
mailing list