A new dangerous vulnerability ShellShock allows you to attack a variety of devices, from smartphones to industrial servers
Positive Technologies experts warn of a new ShellShock vulnerability (CVE-2014-6271), the use of which allows the execution of arbitrary code. The vulnerability affected not only Internet servers and workstations, but also the devices that we use in everyday life - smartphones and tablets, home routers, laptops.
Vulnerability is present in one of the fundamental components of Linux-systems, the command shell bash. The mechanism for processing exported functions allows an attacker to remotely execute arbitrary commands of the operating system, if he has the ability to influence system environment variables. A similar situation often occurs in web applications when using the CGI interface (for example, Apache server using mod_cgi or mod_cgid). Common PHP and Python online development technologies are also vulnerable when using system / exec or os.system / os.popen calls, respectively.
')
An example of a vulnerable application is a common cPanel hosting control panel. There are other exploitation methods associated with the use of the ForceCommand restricted mechanism in OpenSSH, implemented in systems such as Git and Subversion.
There is information that a number of security researchers, in particular @ErrataRob, are already actively scanning the global network in search of vulnerable servers.
Positive Technologies experts recommend urgently installing a security update on all public GNU / Linux servers, because of the negative consequences of this vulnerability may be comparable to the sensational error in OpenSSL - HeartBleed. In the area of ​​risk systems are remote control servers and industrial systems. Often, they are designed with extensive use of shell-based technologies and are extremely rarely updated. Other potential hacking candidates using a new vulnerability are access points, routers, embedded devices, printers, and in general any devices connected by the Internet of Things.
Moreover, a potential attack can also be made on user devices such as smartphones and tablets running Android: simply connect to an attacker-controlled wireless access point. Such attacks are most dangerous in crowded places where people actively use Wi-Fi — in a cafe, in the subway, at the airport.
“This vulnerability is remarkable in that it uses a completely“ legal ”command shell mechanism, combined with the common use of operating system commands in the * nix-community. Unfortunately, many embedded devices used in both corporate networks and home systems are potentially vulnerable to a ShellShock attack. Compounding the matter is the fact that the systems on such devices are extremely rarely updated and often contain outdated versions of the OS and system components. Users of smartphones, tablets and laptops running Linux and Mac OS X are not recommended to connect to unfamiliar wireless access points before installing a security update, ”said Sergey Gordeychik, deputy general director of Positive Technologies.
The built-in protection mechanisms of Positive Technologies Application Firewall applications, even in its basic configuration, allow detecting and blocking the ShellShock attack. Clients of the Advanced Border Control service will receive prompt notifications of identified shortcomings.
More information about the vulnerability: www.securitylab.ru/vulnerability/458762.php
Vulnerability is present in one of the fundamental components of Linux-systems, the command shell bash. The mechanism for processing exported functions allows an attacker to remotely execute arbitrary commands of the operating system, if he has the ability to influence system environment variables. A similar situation often occurs in web applications when using the CGI interface (for example, Apache server using mod_cgi or mod_cgid). Common PHP and Python online development technologies are also vulnerable when using system / exec or os.system / os.popen calls, respectively.
')
An example of a vulnerable application is a common cPanel hosting control panel. There are other exploitation methods associated with the use of the ForceCommand restricted mechanism in OpenSSH, implemented in systems such as Git and Subversion.
There is information that a number of security researchers, in particular @ErrataRob, are already actively scanning the global network in search of vulnerable servers.
Positive Technologies experts recommend urgently installing a security update on all public GNU / Linux servers, because of the negative consequences of this vulnerability may be comparable to the sensational error in OpenSSL - HeartBleed. In the area of ​​risk systems are remote control servers and industrial systems. Often, they are designed with extensive use of shell-based technologies and are extremely rarely updated. Other potential hacking candidates using a new vulnerability are access points, routers, embedded devices, printers, and in general any devices connected by the Internet of Things.
Moreover, a potential attack can also be made on user devices such as smartphones and tablets running Android: simply connect to an attacker-controlled wireless access point. Such attacks are most dangerous in crowded places where people actively use Wi-Fi — in a cafe, in the subway, at the airport.
“This vulnerability is remarkable in that it uses a completely“ legal ”command shell mechanism, combined with the common use of operating system commands in the * nix-community. Unfortunately, many embedded devices used in both corporate networks and home systems are potentially vulnerable to a ShellShock attack. Compounding the matter is the fact that the systems on such devices are extremely rarely updated and often contain outdated versions of the OS and system components. Users of smartphones, tablets and laptops running Linux and Mac OS X are not recommended to connect to unfamiliar wireless access points before installing a security update, ”said Sergey Gordeychik, deputy general director of Positive Technologies.
The built-in protection mechanisms of Positive Technologies Application Firewall applications, even in its basic configuration, allow detecting and blocking the ShellShock attack. Clients of the Advanced Border Control service will receive prompt notifications of identified shortcomings.
More information about the vulnerability: www.securitylab.ru/vulnerability/458762.php
Source: https://habr.com/ru/post/238145/
All Articles