Shell Shock (Bash Bug)
Download as PPTX, PDF4 likes1,182 views
Shellshock, a serious security vulnerability in the Unix Bash shell, was disclosed on September 24, 2014, allowing attackers to execute commands on vulnerable machines. Discovered by Stephane Chazelas, it affects various systems including Unix, Mac OS X, and certain internet-connected devices. Initial solutions to protect against Shellshock are incomplete, necessitating updates to Bash and additional security measures.
Shell Shock (Bash Bug)
- 1. By Mahesh
- 2. Shell Shock is… • Shellshock, also known as Bashdoor, is a family of security bugs in the widely used UNIX Bash shell. • The first of which was disclosed on 24 September 2014. • An attacker could exploit a machine running Bash by forcing it to set specially crafted environment variables. This could then be further exploited to let them execute shell commands, i.e., run programs on other people’s computers.
- 3. Who discovered • Stephane Chazelas (Scientist) discovered a vulnerability in bash on 24 Sep 2014 16:05:51(07:30PM IST), Wednesday midnight in Australia. • Within hours, hackers had released code that could take over vulnerable machines and turn them into a malicious botnet. • Bash is free software, developed collaboratively and overseen since 1992 on a volunteer basis by Chet Ramey and believes that Shellshock dates back to a new feature. Hacker scientist OR
- 4. Implementing Issuing remote commands to the web server ------------------------------------- (){------------------------------------- Example: VAR=() { ignored; }; /bin/id
- 5. Related vulnerabilities CVE-2014-6271—Shell Shock CVE-2014-6277 CVE-2014-6278 CVE-2014-7169 CVE-2014-7186 CVE-2014-7187 Major exploitation Vectors CGI-web based server OpenSSH Server DHCP Qmail server IBM HMC restricted shell
- 6. Which systems gets affected • Stand-alone Web servers • Unix and Mac OS X systems • Internet-connected devices • Smart phones that use the Android operating system • Every version of CentOS that was released before 31 September 2014 was impacted
- 7. How to test and protect our devices Test: Run the following command on Terminal env x='() { :;}; echo vulnerable' bash - c "echo this is a test“ If you’re vulnerable it will print vulnerable this is a test Otherwise it prints only This is test Protect: Initial solutions for Shellshock do not completely resolve the vulnerability. Upgrade to the latest versions of bash AcceptEnv line from the default configuration file
- 8. Heartbleed: Heartbleed could be used to do things like steal passwords from a server Heartbleed went unnoticed for two years and affected an estimated 500,000 machines It requires more technical knowledge Worse than Heartbleed Shellshock: Shellshock can be used to take over the entire machine Shellshock was not discovered for 22 years and sky is the limit on attacks with Shellshock it's so easy to exploit According to NVD both bugs severity is 10 /10
- 10. Thank you….
- 11. Any queries….