The Shellshock Bug In About Four Minutes (video)

youtube.com ^ | 9-25-2014 | Tom Scott

[servo1969]

Remember Heartbleed? Well, this is probably worse. Here's a (somewhat simplified) explanation of what Shellshock actually is. Don't worry: I haven't included instructions on how to actually exploit it. The moral of the story is: keep your security patches up to date!

[kevkrom]

“Worse” is subjective. It’s a more severe bug when it’s exploited, however being able to exploit it is more difficult.

In any event, “keep up with security patches” is always good advice.

[raybbr]

Ping

[ImaGraftedBranch]

25 years this was possible, and they just find it. Talking about patching everything is going to be difficult, if not impossible, considering all of the embedded systems out there.

[ShadowAce]

[dayglored]

The good news is that most embedded systems don’t use Bash, they use something smaller like ash, dash, BusyBox, etc.

[dayglored]

> Don't worry: I haven't included instructions on how to actually exploit it.

You mean like this?

prompt$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

It's no secret how to exploit it. It's freakin' TRIVIAL to exploit it. But first, you have to get to it. That's the hard part.

This is a tempest in a teapot. No less a tempest, but this is a LOT harder to arrange to exploit than HeartBleed.

I'm a System Admin with a few hundred servers and workstations to patch -- it's a nightmare. That's my job...

But meanwhile, the freakin' technology twats writing these headlines sound like the world is ending. It's not. They're just pimping for webpage hits.

You want to know where the world is ending, look up the news on Ebola...

[ErnBatavia]

Being a dinosaur who gave-up with keeping-up with tech, I enjoy hitting these threads....it’s like those ‘English as a Second Language’ courses for us old phocks.....I try to learn sumpin, but quickly realize I’m beyond the curve.

[GOPJ]

Thanks for sharing...

[dayglored]

Sure thing. That one liner of code, BTW, is a good test for whether your /bin/bash is vulnerable or not.

Just copy/paste that line at a Bash prompt and hit return. If it prints out:

vulnerable
this is a test

then your Bash has the flaw. OTOH, if it prints out:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

then your Bash is safe from this bug.

[dayglored]

... Minus the “prompt$” part, of course. That represents the shell prompt you’re entering the command at.

[GOPJ]

Thanks ... I suspect you’ve forgotten more about code than I’ll ever know. That said I’m thankful you’re here..

[dayglored]

> Thanks ... I suspect you’ve forgotten more about code than I’ll ever know. That said I’m thankful you’re here..

You're very welcome, FRiend, and thank -you- for the kind words.

Fact is, I've been at this for 44 years now and have forgotten more about code than -I- ever knew, too. :)

[scripter]

I patched 114 various distributions of Linux systems for this bug and ran that same test today, but I changed the “this is a test part” to “System is not vulnerable.” Too bad I didn’t already have Chef configured... One of these days...