ukle
Nov 28, 2005
Note all the current fixes released do not fully fix the issue.

https://twitter.com/taviso/status/514887394294652929

Further fixes are coming later today (at least from Ubuntu and Red Hat, who have both commented on this further exploit).

ukle
Nov 28, 2005
Do you have any embedded devices that have a web front end? Then you are likely vulnerable.

Web server side of things shouldn't be that bad, as most people don't have CGI scripts on a normal website. Where it is bad is cPanel, Plesk, etc. - they are all vulnerable, so a lot of shared hosting servers are at risk.

cPanel are saying they have tested and aren't vulnerable to it, which is good; hope it's the case for the rest.

Edit: just reading that in fact it's not just a theoretical risk with just PHP, all web application languages are vulnerable, e.g. Node.js, Django, etc. Would imagine there are lots of people having a field day exploiting this, especially given a proper fix might be a while coming.

ukle fucked around with this message at 14:34 on Sep 25, 2014

ukle
Nov 28, 2005

gallop w/a boner posted:

Stupid question, but what should this output if the system is vulnerable/not vulnerable?

For vulnerable:
Vulnerable
this is a test

Non-vulnerable:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

^beaten

Remember this is only testing the original fix; it's not testing the wider problem, which isn't fixed at all yet.
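
The two outputs quoted in the post above, turned into a check you can run against the bash binaries on your own hosts. This is an added example, not part of the original thread: the probe line is the widely published self-test for the original bug (the thread does not quote the command, so it is assumed here), and the verdict names and the third "no-import" case are this example's own.

```shell
#!/bin/sh
# Added example: classify a bash binary by how it reacts to the
# function-import self-test. Verdict names are hypothetical labels.

# classify_output: read captured probe output on stdin, print one verdict.
classify_output() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -qix 'vulnerable'; then
        # The trailing command after the function body was executed.
        echo "vulnerable"
    elif printf '%s\n' "$out" | grep -q 'ignoring function definition attempt'; then
        # The import was rejected with the warning shown in the post.
        echo "original-fix"
    elif printf '%s\n' "$out" | grep -qx 'this is a test'; then
        # bash ran normally and never tried to import the variable.
        echo "no-import"
    else
        # bash did not run, or printed something unexpected.
        echo "inconclusive"
    fi
}

# probe_bash: run the self-test against one bash binary ($1) in an
# otherwise empty environment and classify what it printed.
probe_bash() {
    env -i x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>&1 |
        classify_output
}

# Check the usual install locations; extend the list for your hosts.
for b in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
    if [ -x "$b" ]; then
        printf '%s: %s\n' "$b" "$(probe_bash "$b")"
    fi
done
```

As the post says, a verdict other than "vulnerable" only covers the original flaw, not the follow-up issues still being patched.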

ukle
Nov 28, 2005
Evidence that it's already being exploited -

http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3505#p23987

Patch ASAP. Note that exact malware is exploiting the same flaw in BusyBox to take over routers to be DDoS bots.

ukle fucked around with this message at 16:34 on Sep 25, 2014

ukle
Nov 28, 2005
It also affects BusyBox as well, which is where the first seen in the wild use of this exploit was found.

Remember as well that the exploit still isn't fully patched, although hopefully that 'final' fix is probably due any time now.

ukle
Nov 28, 2005
Nasty proof of concept to weaponise this bug via DHCP -

https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/

Run a DHCP server on the network that then forces a command via the exploit to each machine as it gets a lease; given that is usually run at root level, it's potentially limitless.

Just shows the potential damage for this exploit is far beyond what was first envisaged.
