Shellshock fixes beget another round of patches as attacks mount

SANS' Internet Storm Center moves up threat level based on bash exploits in wild.

by Sean Gallagher Sept 30 2014 Ars Technica

Over the past few days, Apple, Red Hat, and others have pushed out patches to vulnerabilities in the GNU Bourne Again Shell (bash). The vulnerabilities previously allowed attackers to execute commands remotely on systems that use the command parser under some conditions, including Web servers that use certain configurations of Apache. However, some of the patches made changes that broke from the functionality of the GNU bash code, so now debate continues about how to "un-fork" the patches and better secure bash.

At the same time, the urgency of applying those patches has mounted as more attacks that exploit the weaknesses in bash's security (dubbed "Shellshock") have appeared. In addition to the threat first spotted the day after the vulnerability was made public, a number of new attacks have emerged. While some appear to simply be vulnerability scans, there are also new exploit attempts that carry malware or attempt to give the attacker direct remote control of the targeted system.


***** Moderator's Note *****

The "Shellshock" exploit, as I understand it, affects those running Apache with the Bash shell enabled. I don't know if disabling Bash will prevent the exploit from succeeding, but anyone running a server that has both Apache and Bash available is advised to upgrade.

Bill Horne Moderator

Monty Solomon


The only effective way of "disabling" bash is to rename the binary. If the entry vector code being exploited is explicitly calling /bin/bash then just changing it as the default shell for login won't do anything.

The systems like desktop/server Linux that are kept patched and up to date will be OK; it is all those devices with Linux firmware and a web interface that rarely (if ever) get updated that may be at risk of permanent exploitation if they have any external ports available to attack. That means most home/small business grade Internet-facing modems/routers, etc., and that is what scares me!

David Clayton
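
The point made in the reply above, that changing a login shell does not affect code that names bash explicitly, can be checked by inventory. The following is an added example, not part of the original thread; the function names, file names, and temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: find explicit bash dependencies that a login-shell change
# does not touch. All demo file names and paths below are constructed.

# List regular files under DIR whose shebang names bash, directly
# (#!/bin/bash) or through env (#!/usr/bin/env bash), with or without args.
bash_shebang_scripts() {
    find "$1" -type f 2>/dev/null | sort | while IFS= read -r f; do
        first=$(head -n 1 "$f" 2>/dev/null | tr -d '\000\r')
        case $first in
            '#!'*/bash|'#!'*/bash' '*|'#!'*'env bash'|'#!'*'env bash '*)
                printf '%s\n' "$f" ;;
        esac
    done
}

# Succeed if PATH (normally /bin/sh) is a link that ends at a binary named
# bash. Where that holds, #!/bin/sh scripts and system() calls run bash too.
resolves_to_bash() {
    target=$(readlink -f "$1" 2>/dev/null) || return 1
    [ "$(basename "$target")" = bash ]
}

# Demo on a constructed tree standing in for a CGI directory.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/bash\necho status\n'     > "$d/status.cgi"
    printf '#!/usr/bin/env bash\necho hi\n' > "$d/hello.cgi"
    printf '#!/bin/sh\necho plain\n'        > "$d/plain.cgi"
    printf '#!/usr/bin/perl\nprint 1;\n'    > "$d/form.pl"
    : > "$d/bash"; ln -s bash "$d/sh"       # stand-in for /bin/sh -> bash
    echo "Invoke bash whatever the login shell is:"
    bash_shebang_scripts "$d"
    if resolves_to_bash "$d/sh"; then
        echo "$d/sh resolves to bash"
    fi
    rm -rf "$d"
}
demo
```

Shebang inspection only finds scripts; compiled programs that execute bash by path are not detected this way.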