[kwlug-disc] Vulnerability in bash

Fernando Duran liberosec at yahoo.ca
Fri Sep 26 10:53:18 EDT 2014


The issue with the Bash bug is its big attack surface, which is a fancy way of saying "it can be in a lot of (unsuspected) places", unlike say Heartbleed which was limited to one (very popular) protocol implementation. At least it is easy to fix (for now).

So we may have exploits for other network services besides web server + CGI (see https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/ for DHCP ex), random boxes acting as routers/gateways (it doesn't even have to be Linux) etc.

(PS is my shitty yahoo mail double-posting my messages?)
 
--------------------- 
Fernando Duran 
http://www.fduran.com



> On Thursday, September 25, 2014 7:19 PM, William Park <opengeometry at yahoo.ca> wrote:
> > On Thu, Sep 25, 2014 at 04:33:27PM -0400, B.S. wrote:
> > Which startles me. I thought bash was an interpreter sucking in command
> > lines.  The startling part is not that it might not be, it's that the
> > thing is so darned fast you can't tell the difference (that new
> > processes are being spawned with each line)!
> 
> Well, shell sucks in command lines, as always.  If the command is
> built-in, then shell runs it.  So, if it crashes, the shell crashes.  If
> the command is external binary, then shell does fork/exec.  If that
> binary crashes, then shell is okay since those two are separate
> processes (parent/child).
> 
> This whole thing is just another form of "source injection" that SQL is
> most widely known for.  The fact that environment variable contains
> "shell function" is okay, since it's just string.  When shell runs, it
> converts that string into function, just like when you "source" a file.
> So, it's not a bug, really.  Shell is doing the right thing. :-)
> -- 
> William
> 
> 
> 
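The thread above covers the web server + CGI vector (Fernando) and the mechanism behind it: a request header exported into the environment whose value starts with a function definition, which pre-patch bash imports on startup (William). As an added example that is not part of the original thread, the following Python scans constructed Apache combined-format log lines for that signature in the request line, Referer and User-Agent fields, percent-decoding first so an encoded query string is not missed. The log lines, IPs and the `() { :; }; echo constructed-marker` values are constructed for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines in Apache combined format (not from the original post).
# Lines 3 and 4 carry a value beginning with "() {" in a header that a CGI handler
# would export into the environment; line 5 carries the same thing percent-encoded
# in the query string (QUERY_STRING is exported to CGI scripts too).
SAMPLE_LOG = """\
203.0.113.10 - - [26/Sep/2014:10:00:01 -0400] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [26/Sep/2014:10:00:02 -0400] "GET /cgi-bin/status HTTP/1.1" 200 88 "-" "curl/7.37.0"
203.0.113.12 - - [26/Sep/2014:10:00:03 -0400] "GET /cgi-bin/status HTTP/1.1" 200 88 "-" "() { :; }; echo constructed-marker"
203.0.113.13 - - [26/Sep/2014:10:00:04 -0400] "GET /about HTTP/1.1" 404 0 "() {;}; true" "Mozilla/5.0"
203.0.113.14 - - [26/Sep/2014:10:00:05 -0400] "GET /cgi-bin/status?x=%28%29%20%7B%20%3A%3B%20%7D%3B%20true HTTP/1.1" 200 88 "-" "curl/7.37.0"
"""

# Apache combined log format: ip ident user [timestamp] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Bash's function-import check looks for a value beginning "() {"; whitespace
# between the parentheses and the brace is optional, so match it loosely.
SHELLSHOCK_RE = re.compile(r'\(\)\s*\{')


def find_shellshock_attempts(log_text):
    """Return one dict per field whose decoded value contains a function-definition prefix."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-combined line; a real scanner would count these
        for field in ("req", "ref", "ua"):
            value = unquote(m.group(field))  # percent-decode so encoded query strings match
            if SHELLSHOCK_RE.search(value):
                hits.append({"line": lineno, "ip": m.group("ip"), "field": field, "value": value})
    return hits


if __name__ == "__main__":
    for hit in find_shellshock_attempts(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['ip']} in {hit['field']}: {hit['value']!r}")
```

The regex is a signature for the import prefix, not for any particular payload, so it also flags probes that only test for the bug; correlate hits with which CGI scripts were reachable and whether /bin/sh on the host was bash.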