Anyone know how we can tell if our WiFi routers and rooftop radios are affected by the Bash Shellshock vulnerability?
- posted
9 years ago
Anyone know how we can tell if our WiFi routers and rooftop radios are affected by the Bash Shellshock vulnerability?
Ger Robertson wrote this copyrighted missive and expects royalties:
Shell into it and see!
They almost certainly aren't. Bash is unlikely to be installed on embedded systems: too large. They probably use Busybox. Besides, if anyone on the WAN can connect to your router at all it's already broken. Of course, if you are running the manufacturer's firmware it probably has a dozen gaping holes built in anyway...
Ubuntu with bash scripts is used for many embedded appliances and they are vulnerable.
Here's a link,
But actually tells you nothing really useful at all, just gives as many scary quotes from as many security experts as he could find when writing up his useless FUD.
If he was really c>
Telnet (or Putty) into it and sh will tell you what shell it runs. []'s
And our toasters! I now know whom to blame when my toast burns tomorrow.
No it will tell you what shell it runs as a replacement for sh. It may have many shells installed. And once you have telneted in, you already have shell access so do not need shell access. The question is whether there are any externally listening programs which use bash and which can be fed "carefully crafted" environment variables from outside.
#sh
BusyBox v1.00 (2012.02.06-00:34+0000) Built-in shell (msh)
Enter 'help' for a list of built-in commands.
#cat /etc/services
Aw, c'mon, it's a start. []'s
Shadow wrote, on Fri, 26 Sep 2014 18:16:30 -0300:
How do you telnet into your router? It just hung when I tried it.
$ telnet router
Trying 192.168.1.1...
Connected to router.
Escape character is '^]'.
To find out what the default shell is, enter this...
echo $SHELL
If it is bash and there are other shells installed, you can change the default shell.
chsh -s /bin/dash
or
chsh -s /bin/sh
or whatever.
Different default. This is the default for that particular user -- the shell that is opened up on a terminal when the user logs in. The default I was talking about is the default that the system uses in general -- it is usually called sh, but most systems have /bin/sh pointing to some other shell which also has the same commands as the classic sh shell (such as bash). Writers expect sh to comply with certain standards so for example /bin/tcsh would not be a good thing for /bin/sh to point to because the structure of tcsh is very different from the old sh.
That will change your own particular shell that is brought up when you log in. Actually the latter will probably give you bash anyway, since /bin/sh is often a link to /bin/bash.
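Added example, not part of any post in this thread: a POSIX sh script to run on the device itself, in a shell you already have, that reports what /bin/sh resolves to, shows the login shell, lists any installed bash binaries, and checks each one locally with the widely published Shellshock environment-variable test. The directory list and the variable name `probe` are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Run it ON the device being checked.

# Follow symlinks to see what a path such as /bin/sh really is.
resolve_link() {
    p=$1; hops=0
    while [ -L "$p" ] && [ "$hops" -lt 16 ]; do
        t=$(readlink "$p")              # present in coreutils and in BusyBox
        case $t in
            /*) p=$t ;;
            *)  p=$(dirname "$p")/$t ;;
        esac
        hops=$((hops + 1))
    done
    printf '%s\n' "$p"
}

# List every executable called "bash" in the given directories.
find_bash() {
    for d in "$@"; do
        if [ -x "$d/bash" ]; then printf '%s\n' "$d/bash"; fi
    done
}

# Return 0 if the binary treats an ordinary environment variable as a function
# definition and runs the text after it (the Shellshock flaw), 1 otherwise.
# The marker is only echoed; nothing on the system is changed.
bash_vulnerable() {
    out=$(env probe='() { :;}; echo IMPORTED' "$1" -c 'echo ok' 2>/dev/null)
    case $out in
        *IMPORTED*) return 0 ;;
        *)          return 1 ;;
    esac
}

audit() {
    echo "/bin/sh is: $(resolve_link /bin/sh)"
    echo "login shell (\$SHELL): ${SHELL:-unset}"
    # Assumed search path; add any firmware-specific directories.
    found=$(find_bash /bin /usr/bin /usr/local/bin /sbin /usr/sbin /opt/bin)
    if [ -z "$found" ]; then echo "no bash binary found"; return 0; fi
    for b in $found; do
        if bash_vulnerable "$b"; then echo "$b: VULNERABLE"; else echo "$b: not vulnerable"; fi
    done
}

audit
```

A "not vulnerable" or "no bash binary found" result covers only the directories searched; a vulnerable bash matters most when a network-facing service passes outside input to it through the environment.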
Maybe you disabled telnet access in the GUI, or it could be "off" by default ? Try configuring via GUI first. Or maybe it does not allow access via wireless, like mine, I need an Ethernet connection to login as admin. And experiment with PuTTY. Nice little freeware utility
Might be in your repos if you run Linux. []'s
Do you know any cheapo home routers (D-Link, Netgear, etc) that actually use bash, and not BusyBox, or some other compact "do-all" binary ? I know the expensive ones might use it, and the shell on my homemade CD-Booted router/firewall running on an old AMD K6 was bash, but bash is a bit of an overkill for a cheap home router. []'s
On a Linux/Unix system that is true. I don't think routers support multiple users or do they?
If routers support only one user, that would not be an issue. Even so, it is possible to change the default shell for all users.
On my system, SolydX, sh points to dash. The same is true for Mint, Ubuntu and MX-14. Don't know about any others.
I thought you meant Cylons at first. :P
All your toast are belong to us.
Wildman wrote this copyrighted missive and expects royalties:
That's long been true for Debian, I believe. It is certainly true right now.
My cheap D-Link does:
default_backdoor = root
admin = "root"
support = if it's an adsl modem router gives ISP access
user = dunno what he's for. He can view settings, but not change them. But he CAN remotely update the firmware, which means he can do anything, including botnet the router.
To be "safe", give the last 3 strong passwords.
PS default_backdoor is hidden to admin, and password is "safely" "secured" for your "safety". ;) []'s