
New Bash vulnerability enables exploit in the wild.
Ars Technica:

The vulnerability reported in the GNU Bourne Again Shell (Bash) yesterday, dubbed "Shellshock," may already have been exploited in the wild to take over Web servers as part of a botnet. More security experts are now weighing in on the severity of the bug, expressing fears that it could be used for an Internet "worm" to exploit large numbers of public Web servers. And the initial fix for the issue still left Bash vulnerable to attack, according to a new US CERT National Vulnerability Database entry.

In a blog post yesterday, Robert Graham of Errata Security noted that someone is already using a massive Internet scan to locate vulnerable servers for attack. In a brief scan, he found over 3,000 servers that were vulnerable "just on port 80"—the Internet Protocol port used for normal Web Hypertext Transfer Protocol (HTTP) requests. And his scan broke after a short period, meaning that there could be vast numbers of other servers vulnerable. A Google search by Ars using advanced search parameters yielded over two billion webpages that at least partially fit the profile for the Shellshock exploit.

"It's things like CGI scripts that are vulnerable, deep within a website (like CPanel's /cgi-sys/defaultwebpage.cgi)," Graham wrote. CPanel is a Web server control panel system used by many Web hosting providers. "Getting just the root page is the thing least likely to be vulnerable. Spidering the site and testing well-known CGI scripts (like the CPanel one) would give a lot more results—at least 10x."

[...]


:-/

Cheers,
Scott.
New Re: Bash s/vulnerability/feature/g enables exploit in the wild.
That has been around forever. I am surprised that the security folks just noticed a documented feature can be exploited. That is why web designers are told to filter/parse/drop anything but expected traffic.
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 59 years. meep
New And seriously, screw CGI
I build my own nginx servers from the ground up without that crap for a reason.
Regards,
-scott
Welcome to Rivendell, Mr. Anderson.
New A little discussion link
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 59 years. meep
New Trollin' trollin' trollin', lol.. is trollin'...
New All so silly
Security conscious programming always scrubs stuff sent to the shell, and that includes environmental variables.
This is documented behavior.
I'd be pissed if a complex shell script system I built gets broken by this being patched out of existence.
New Running any commands tacked onto the end of the function def wasn't documented
But that's what it did.
New yup,
Any opinions expressed by me are mine alone, posted from my home computer, on my own time as a free American and do not reflect the opinions of any person or company that I have had professional relations with in the past 59 years. meep
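The environment scrubbing discussed in the "All so silly" subthread above, as an added example that is not part of any poster's message: a filter that drops function-shaped environment values before a shell-backed child is started, and notes when text follows the function body. The function names, the sample environment and the placeholder string are constructed for illustration.

```python
# Pre-patch Bash treated an environment value starting with the four
# characters "() {" as an exported function and parsed it at startup,
# including anything that followed the closing brace.
FUNC_PREFIX = "() {"


def classify(value):
    """Label one environment value: plain, function, or function+trailing."""
    if not value.startswith(FUNC_PREFIX):
        return "plain"
    # Heuristic for logging only: look at what follows the last "}".
    # A tail that itself contains "}" is reported as "function"; the value
    # is dropped by scrub_env() either way.
    tail = value.rpartition("}")[2]
    return "function+trailing" if tail.strip(" ;\t\n") else "function"


def scrub_env(env):
    """Return (clean, rejected): clean is safe to pass as a child's env."""
    clean, rejected = {}, {}
    for name, value in env.items():
        kind = classify(value)
        if kind == "plain":
            clean[name] = value
        else:
            rejected[name] = kind  # keep the reason for the audit log
    return clean, rejected


# Constructed CGI-style environment; header-derived values are attacker
# controlled. The trailing text is a placeholder, not a real command.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "HTTP_USER_AGENT": "Mozilla/5.0 (X11; Linux x86_64)",
    "HTTP_COOKIE": "() { :; }; TRAILING_COMMAND_PLACEHOLDER",
    "HTTP_REFERER": "() { return 0; }",
}

if __name__ == "__main__":
    clean, rejected = scrub_env(SAMPLE_ENV)
    for name, reason in sorted(rejected.items()):
        print(f"dropped {name}: {reason}")
    # The child would then be started with
    # subprocess.run([...], env=clean) rather than the inherited environment.
    print("passed through:", sorted(clean))
```

This filter is a stopgap in front of an unpatched shell; it does not replace updating Bash.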
New dhclient could be vulnerable too
A rogue DHCP server could pass ENV variables to your dhclient-script

--
Sent from my Windows PC
Edited by altmann Sept. 25, 2014, 06:53:12 PM EDT
New I think they're still figuring out the potential attack surface.
New 'tis huge
New Re: Bash vulnerability enables exploit in the wild.
Does this finally put to bed ESR's glib bullshit about numbers of eyeballs and the shallowness of bugs?

This bug has been in Bash for a quarter of a century.
     Bash vulnerability enables exploit in the wild. - (Another Scott) - (11)
         Re: Bash s/vulnerability/feature/g enables exploit in the wild. - (boxley) - (1)
             And seriously, screw CGI - (malraux)
         A little discussion link - (boxley) - (4)
             Trollin' trollin' trollin', lol.. is trollin'... -NT - (Another Scott)
             All so silly - (crazy) - (2)
                 Running any commands tacked onto the end of the function def wasn't documented - (altmann)
                 yup, -NT - (boxley)
         dhclient could be vulnerable too - (altmann) - (2)
             I think they're still figuring out the potential attack surface. -NT - (static) - (1)
                 'tis huge -NT - (pwhysall)
         Re: Bash vulnerability enables exploit in the wild. - (pwhysall)
