Patched Bash still vulnerable to Shellshock

Bash Shellshock

The bug that was discovered and patched in the Bash shell is still vulnerable to code injection attacks. And the latest is that the bug, now officially known as Shellshock, is being exploited by a computer worm. But nobody seems to know the extent to which the attacks have been successful.

The problem with Shellshock, is that many of the devices that could be vulnerable cannot be patched. Such devices include embedded devices that are powered by highly modified versions of Linux. Home Internet access routers and webcams are another group of devices that are susceptible to Shellshock, besides all the Internet-facing Cloud servers and personal computing systems that run a Linux distribution.

Related Post:  LinHES R8 home entertainment system Released

The latest statement from Red Hat, Inc., which was the first company to publish a patch, says that “the patches shipped for this issue are incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions.” That’s the bad news. The good news: The bug in the patch “is a less severe issue and patches for it are being worked on.”

Reuters has reported that experts they spoke with are saying that “For an attack to be successful, a targeted system must be accessible via the Internet and also running a second vulnerable set of code besides Bash.” But nobody is saying what those “second vulnerable set of code” are.

Related Post:  The problem with using CAcert's digital certificates

A new test that anybody may conduct to determine whether their copy of Bash is vulnerable was posted on the Twitter account of Tavis Ormandy. Try the code: env X='() { (a)=>\' sh -c "echo date"; cat echo. Actually, that is not the only line of code that you can run to test whether your copy is Bash can be exploited. But that should be enough. If your copy of Bash is vulnerable, there should be a file named echo in the directory that you ran the code in. Delete it and wait for the next patch.
Bash Shellshock

Share:

Share on facebook
Facebook
Share on twitter
Twitter
Share on pinterest
Pinterest
Share on linkedin
LinkedIn

Hola! Did you notice that LinuxBSDos.com no longer run network ads?  Yep, no more ads from the usual suspects that track and annoy you across the Internet. But since I still need to pay to keep the site running, feel free to make a small donation by PayPal or your favorite cryptocurrency.

  • Bitcoin
  • Ethereum
  • Xrp
  • Bitcoin cash
  • Bitcoin sv
  • Litecoin
  • Binance coin
  • Cardano
  • Ethereum classic
Scan to Donate Bitcoin to bc1qzvlte2m224zkayhdc7fdfjkp2rsgt0l5a496ua

Donate Bitcoin to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin

Scan to Donate Ethereum to 0x0F4362DFF77F3Ba0Dc637F5f3Eba35D09a2fA60C

Donate Ethereum to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum

Scan to Donate Xrp to r4ggjvL36njsMCYTkJ3S7cTHscPsMsSGQv

Donate Xrp to this address

Scan the QR code or copy the address below into your wallet to send some Xrp

Scan to Donate Bitcoin cash to qrs0dedzp9t55af3nfwypydghp29r0xguy9s20fz2k

Donate Bitcoin cash to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin cash

Scan to Donate Bitcoin sv to 15K9TLyVDBtLuG9cYvXCX9SSkq9C9oUKHK

Donate Bitcoin sv to this address

Scan the QR code or copy the address below into your wallet to send some Bitcoin sv

Scan to Donate Litecoin to LetJ9QQMb7u2LMZ9Tu6rtHwcBcQFW98fbG

Donate Litecoin to this address

Scan the QR code or copy the address below into your wallet to send some Litecoin

Scan to Donate Binance coin to bnb1ga8trq08ssqepd90v6225nzfgy448pu5pw8gxp

Donate Binance coin to this address

Scan the QR code or copy the address below into your wallet to send some Binance coin

Scan to Donate Cardano to addr1qx2354yw49etstfljpdhwja3ajjlt487lg95vu9ngy2q6vu4rf2ga2tjhqknlyzmwa9mrm997h20a7stgectxsg5p5esq5l7d9

Donate Cardano to this address

Scan the QR code or copy the address below into your wallet to send some Cardano

Scan to Donate Ethereum classic to 0xcD6CC972a2297FcafACDcfE042C55C69516a9264

Donate Ethereum classic to this address

Scan the QR code or copy the address below into your wallet to send some Ethereum classic

Subscribe for updates. Trust me, no spam!

Sponsored links

1. Attend Algorithm Conference, a top AI and ML event.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.

Upcoming events

2 Responses

  1. The latest patches that were released last night do fix this bug. Which is to say that my test system passes the checks that have been put out there once the updates are applied.

  2. This article is very misleading about embedded devices. The vast majority of embedded devices don’t have bash installed and were never vulnerable to this exploit. Most embedded devices use a lightweight shell like ash.

Leave a Reply

Your email address will not be published. Required fields are marked *

Get the latest

On social media
Via my newsletter

Partner links

1. Attend Algorithm Conference, a top AI and ML event for 2021.
2. Reasons to use control panel for your server.
3. DHgate Computers Electronics, Cell Phones & more.
Hacking, pentesting distributions

Linux Distributions for Hacking

Experts use these Linux distributions for hacking, digital forensics, and pentesting.

Categories
Archives

The authors of these books are confirmed to speak during

Algorithm Conference

T-minus AI

Author was the first chairperson of AI for the U.S. Air Force.

The case for killer robots

Author is the Director of the Center for Natural and Artificial Intelligence.

Why greatness cannot be planned

Author works on AI safety as a Senior Research Scientist at Uber AI Labs.