"Shellshock" bash bug

Robert Heller heller at deepsoft.com
Sat Sep 27 12:31:22 UTC 2014 

At Sat, 27 Sep 2014 07:36:59 +0100 "Ubuntu user technical support,  not for general discussions" <ubuntu-users at lists.ubuntu.com> wrote:

> 
> On 26 September 2014 23:24, Teo En Ming
> <singapore.mr.teo.en.ming at gmail.com> wrote:
> > On 27/09/2014 05:57, Rashkae wrote:
> >>
> >> On 14-09-26 05:50 PM, Colin Law wrote:
> >>>
> >>>
> >>> It is a sheeva plug computer with an Arm processor.  Jaunty was the
> >>> last ubuntu version that supported the chip.
> >>>
> >>> It seems however that my initial assumption is correct, that if they
> >>> cannot login as they do not have the key then they cannot exploit the
> >>> vulnerability.
> >>>
> >>> If someone manages to crack the key and login then the vulnerability
> >>> is the least of my worries I think.
> >>>
> >>> Colin
> >>>
> >>
> >> As far as ssh goes, that is correct, your attack surface there is pretty
> >> small, but you have to be careful about anything else, such as web cgi
> >> scripts, or even a default install of Apache, which can try to fork a
> >> process with bash.  Also, dhcpclient is vulnerable, if the computer ever
> >> tries to get a dhcp address from a a bad dhcp server.
> >>
> >>
> >
> > But dhcp server is usually on a router. I think the hacker would have to
> > hack the router to plant a bad dhcp server there. But then any Linux-based
> > router is also vulnerable to the shellshock bash bug.
> 
> Is that not only true if the router has bash installed? As I asked in
> a previous message how does one know whether one's router may be
> vulnerable?

Actually, no. What would happen is that a 'hacked' router's dhcp server would
send DHCP options as environment variables and the bash on the DHCP *client*
would then execute the code in the specially crafter environment variables...
The *dhcp* server (the router) does not even need bash installed to do this.

Many router firmware uses some version of Busybox or equivalent, rather than 
having bash installed.

> 
> Colin
> 

-- 
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
heller at deepsoft.com       -- Webhosting Services

More information about the ubuntu-users mailing list