Shellshock - BASH shell

User avatar
Royal
Posts: 10562
Joined: Mon Apr 11, 2011 5:55 pm

Re: Shellshock - BASH shell

Post by Royal » Fri Sep 26, 2014 5:58 am

Seems kind of serious:
On Thursday, security experts warned that Bash contained a particularly alarming software bug that could be used to take control of hundreds of millions of machines around the world, potentially including Macintosh computers and smartphones that use the Android operating system.

The bug, named “Shellshock,” drew comparisons to the Heartbleed bug that was discovered in a crucial piece of software last spring.

But Shellshock could be a bigger threat. While Heartbleed could be used to do things like steal passwords from a server, Shellshock can be used to take over the entire machine. And Heartbleed went unnoticed for two years and affected an estimated 500,000 machines, but Shellshock was not discovered for 22 years.
http://www.nytimes.com/2014/09/26/techn ... .html?_r=0
Does this mean every machine without a patch is vulnerable?

Can a virus be deployed to fix the vulnerability?

User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Re: Shellshock - BASH shell

Post by Pigeon » Fri Sep 26, 2014 6:00 am

Many versions of the shell are bad and need to be replaced with a newer one.

That video explains it. Pretty bad.
Does this mean every machine without a patch is vulnerable?
Yes

User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Re: Shellshock - BASH shell

Post by Pigeon » Fri Sep 26, 2014 7:01 pm

Developed by Stephen Bourne at Bell Labs, it was a replacement for the Thompson shell, whose executable file had the same name—sh.

It was released in 1977 in the Version 7 Unix release distributed to colleges and universities.

Although it is used as an interactive command interpreter, it was also intended as a scripting language and contains most of the features that are commonly considered to produce structured programs

Unix and C, brought to you by Bell Labs.

User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Re: Shellshock - BASH shell

Post by Pigeon » Fri Sep 26, 2014 10:41 pm

Image

User avatar
Royal
Posts: 10562
Joined: Mon Apr 11, 2011 5:55 pm

Re: Shellshock - BASH shell

Post by Royal » Sat Sep 27, 2014 2:07 am

Isis doesn't have an IT team, I think we will be ok.

User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Re: Shellshock - BASH shell

Post by Pigeon » Sat Sep 27, 2014 6:26 pm

In today's world, everyone has an IT team, even if it the owners nephew who is in high school and plays computer games. They will have him build the web site.

Post Reply