bash:shellshock
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
| bash:shellshock [2016/10/19 15:45] – [Finding the Bug] peter | bash:shellshock [2020/07/15 09:30] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== | + | ====== |
| The Shellshock bug allows someone to remotely execute arbitrary code on systems that uses Bash. | The Shellshock bug allows someone to remotely execute arbitrary code on systems that uses Bash. | ||
| Line 6: | Line 6: | ||
| The Bash flaw – designated CVE-2014-6271 [http:// | The Bash flaw – designated CVE-2014-6271 [http:// | ||
| + | |||
| + | ---- | ||
| ===== Main Reason ===== | ===== Main Reason ===== | ||
| Line 17: | Line 19: | ||
| Whether these computers are actually vulnerable depends on whether they invoke Bash in an unsafe way. We already know that this is true of many web servers, and it’s believed that other types of network services could also be vulnerable. But it’ll take a while for security experts to audit various pieces of software to check for vulnerabilities. | Whether these computers are actually vulnerable depends on whether they invoke Bash in an unsafe way. We already know that this is true of many web servers, and it’s believed that other types of network services could also be vulnerable. But it’ll take a while for security experts to audit various pieces of software to check for vulnerabilities. | ||
| + | ---- | ||
| ===== Finding the Bug ===== | ===== Finding the Bug ===== | ||
| Line 45: | Line 48: | ||
| </ | </ | ||
| + | ---- | ||
| ===== Remote Code Execution Through Bash ===== | ===== Remote Code Execution Through Bash ===== | ||
| Line 89: | Line 92: | ||
| + | ---- | ||
| ==== Example 2: Getting a reverse tcp connection from target system using /dev/tcp connection. ==== | ==== Example 2: Getting a reverse tcp connection from target system using /dev/tcp connection. ==== | ||
| Line 106: | Line 109: | ||
| That’s it we successfully got the reverse connection of www-data user from the bash vulnerable system. | That’s it we successfully got the reverse connection of www-data user from the bash vulnerable system. | ||
| + | ---- | ||
| + | ===== Test Remote Sites ===== | ||
| + | |||
| + | If you simply want to test if websites or specific CGI scripts are vulnerable, use this link: | ||
| + | |||
| + | http:// | ||
| + | |||
| + | |||
| + | ---- | ||
| + | |||
| + | ===== Fix the Vulnerability ===== | ||
| + | |||
| + | The easiest way to fix the vulnerability is to use your default package manager to update the version of Bash. | ||
| + | |||
| + | <code bash> | ||
| + | sudo apt-get update && sudo apt-get install --only-upgrade bash | ||
| + | </ | ||
| + | |||
| + | ---- | ||
| + | |||
| + | ===== End of Life Ubuntu / Debian Releases ===== | ||
| + | |||
| + | If you are running a release of Ubuntu / Debian that is considered end of life status, you will have to upgrade to a supported to use the package manager to update Bash. The following command can be used to upgrade to a new release (it is recommended that you back up your server and important data first, in case you run into any issues): | ||
| + | |||
| + | <code bash> | ||
| + | sudo do-release-upgrade | ||
| + | </ | ||
| + | After the upgrade is complete, ensure that you update Bash. | ||
bash/shellshock.1476891940.txt.gz · Last modified: 2020/07/15 09:30 (external edit)