Good point to revisit this attack.
Shell code injection is based on a vulnerability within BASH. This shell variant is the widest used on all linux and unix based opationsystem, many of them ship them as default. Now, this bug exists for years and was never used, maybe cause nobody even now of its exsistens.
In September 2014 this bug was found and the legend of this vulnerability started
http://en.wikipedia.org/wiki/Shellshock_%28software_bug%29
Today, every version of the bash has a fix. Only problem is that many people out there are using quite old systems which will not receive security updates by default. Good news, and maybe many just do not know, within most linux operating systems you are able to replace the bash (ex. with zsh, tcsh or others) or you are able to use some ongoing "Long Term Support" repositories like debian just released for squeeze
https://wiki.debian.org/LTS/Using
Another idea would be to just compile your own version and install it from source
https://www.gnu.org/software/bash/
So, now this bug is more than half a year old, why do we still see this many attacks in the wild?
The answer is sad and easy at the same time.This vulnerability is so easy to use!
is all you need to exploit it. While you can replace the "echo date"; cat echo with simply every command you want to have, like wget or curl, chaning permissions, deleteing the harddisk.env X='() { (a)=>\' bash -c "echo date"; cat echo
Keine Kommentare:
Kommentar veröffentlichen