Shellshock - BASH shell

User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Shellshock - BASH shell

Post by Pigeon » Fri Sep 26, 2014 5:32 am

Bash can also be used to run commands passed to it by applications and it is this feature that the vulnerability affects. One type of command that can be sent to Bash allows environment variables to be set. Environment variables are dynamic, named values that affect the way processes are run on a computer. The vulnerability lies in the fact that an attacker can tack-on malicious code to the environment variable, which will run once the variable is received.


User avatar
Royal
Posts: 10562
Joined: Mon Apr 11, 2011 5:55 pm

Re: Shellshock - BASH shell

Post by Royal » Fri Sep 26, 2014 5:37 am

Is there an example of this in nature?


Seems like whatever happens with computers... virus, worms, trojans... there is a comparable example.

User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Re: Shellshock - BASH shell

Post by Pigeon » Fri Sep 26, 2014 5:41 am

Just something overlooked in parsing data being input or something that might not be a good idea to do in the first place. I haven't seen an actual example.

User avatar
Royal
Posts: 10562
Joined: Mon Apr 11, 2011 5:55 pm

Re: Shellshock - BASH shell

Post by Royal » Fri Sep 26, 2014 5:43 am

The more I read it, it just seems like a vulnerability than a form of attack.

Hyphy music - losing my IQ.

User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Re: Shellshock - BASH shell

Post by Pigeon » Fri Sep 26, 2014 5:45 am

Attacks can be made because it is a vulnerability. So you are actually correct.

User avatar
Royal
Posts: 10562
Joined: Mon Apr 11, 2011 5:55 pm

Re: Shellshock - BASH shell

Post by Royal » Fri Sep 26, 2014 5:46 am

I see. A form of attack suited to the vulnerability.

User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Re: Shellshock - BASH shell

Post by Pigeon » Fri Sep 26, 2014 5:48 am

Royal wrote:I see. A form of attack suited to the vulnerability.
winner.

That's basically how most of these things work.

User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Re: Shellshock - BASH shell

Post by Pigeon » Fri Sep 26, 2014 5:49 am

Looks like it has existed the whole time but someone just now discovered it.

User avatar
Royal
Posts: 10562
Joined: Mon Apr 11, 2011 5:55 pm

Re: Shellshock - BASH shell

Post by Royal » Fri Sep 26, 2014 5:51 am

What now?

User avatar
Pigeon
Posts: 18055
Joined: Thu Mar 31, 2011 3:00 pm

Re: Shellshock - BASH shell

Post by Pigeon » Fri Sep 26, 2014 5:58 am

Link with video example here

Post Reply