Remote Exploit Vulnerability Found In Bash
James C



Posted: Wed 24 Sep 2014, 19:01
Post subject: Remote Exploit Vulnerability Found In Bash

Remote Exploit Vulnerability Found In Bash

http://linux.slashdot.org/story/14/09/24/1638207/remote-exploit-vulnerability-found-in-bash

Quote:
A remotely exploitable vulnerability has been discovered by Stephane Chazelas in bash on Linux, and it is unpleasant. The vulnerability has the CVE identifier CVE-2014-6271. This affects Debian as well as other Linux distributions. The major attack vectors that have been identified in this case are HTTP requests and CGI scripts. Another attack surface is OpenSSH through the use of AcceptEnv variables. Also through TERM and SSH_ORIGINAL_COMMAND. An environmental variable with an arbitrary name can carry a nefarious function which can enable network exploitation.
James C



Posted: Wed 24 Sep 2014, 19:03

https://marc.info/?l=oss-security&m=141157106132018&w=2

Quote:
Someone has posted large parts of the prenotification as a news
article, so in the interest of full disclosure, here is what we wrote
to the non-vendors (vendors also received patches):

Debian and other GNU/Linux vendors plan to disclose a critical,
remotely exploitable security vulnerability in bash this week, related
to the processing of environment variables. Stephane Chazelas
discovered it, and CVE-2014-6271 has been assigned to it.

The issue is currently under embargo (not public), and you receive
this message as a courtesy notification because we assume that you
have network-based filtering capabilities, so that you can work on
ways to protect a significant number of customers. However, you
should not yet distribute IPS/IDS signatures, publicly or to
customers.

At present, public disclosure is scheduled for Wednesday, 2014-09-24
14:00 UTC. We do not expect the schedule to change, but we may be
forced to revise it.


The technical details of the vulnerability are at the above link.
mavrothal



Posted: Thu 25 Sep 2014, 01:07

Bash has been already patched for all major distros and the source code.
Some more info here

Sage


Posted: Thu 25 Sep 2014, 07:30

Quote:
Ba(s)h has been already patched for all major distros and the source code.

Not so sure about 'already'. Mint bash 4.3.1 arrived about two hours after the news item appeared this morning, which is good, but the vulnerability appears to have existed for a rather long time.
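
A local check for the question raised in the posts above, whether an installed bash actually has the CVE-2014-6271 fix (added example, not part of the original thread or of any vendor's tooling). It uses the widely published self-test: hand bash a function-style environment value with a trailing command and see whether that command runs at startup. The marker string and function names are constructed for this example.

```shell
#!/bin/sh
# Added example: local CVE-2014-6271 check. MARKER and function names are constructed.
MARKER="CVE_2014_6271_PROBE_MARKER"

# probe_bash BIN: print "vulnerable", "not-vulnerable" or "missing" for one binary.
probe_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo missing
        return 0
    fi
    # env -i: clean environment, so only the probe variable is imported.
    # A vulnerable bash parses the value as a function definition and also
    # executes the trailing "echo" while starting up; a fixed bash prints nothing.
    # Warnings from partially patched builds go to stderr and are discarded.
    out=$(env -i probe="() { :;}; echo $MARKER" "$bin" -c 'true' 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo vulnerable ;;
        *)           echo not-vulnerable ;;
    esac
}

# list_bash_candidates: bash on PATH plus any bash listed as a login shell.
list_bash_candidates() {
    {
        command -v bash 2>/dev/null || true
        if [ -r /etc/shells ]; then
            grep -E '^/.*/bash$' /etc/shells || true
        fi
    } | sort -u
}

# check_all: report every candidate; return 1 if any is vulnerable.
check_all() {
    status=0
    for b in $(list_bash_candidates); do
        result=$(probe_bash "$b")
        echo "$b: $result"
        if [ "$result" = vulnerable ]; then
            status=1
        fi
    done
    return "$status"
}

check_all || echo "At least one bash still needs the CVE-2014-6271 update." >&2
```

The check covers CVE-2014-6271 only; a "not-vulnerable" result says nothing about other bash issues.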
prehistoric



Posted: Thu 25 Sep 2014, 09:39

This convinces me that running browsers as special user "spot" is a good idea. I was already doing so. This user only has write access to directories /root/spot and /root/spot/download. Unless they have a way to escalate privileges, I doubt they could exploit this at my end.

The big problem lies at the server end, where there is considerable motivation to fix this quickly and avoid lawsuits for consequential damages.

Is Windows 7 more secure? After my latest battles with machines so badly infested they were unusable, I'd say nobody understands everything Windoze is doing much of the time. This includes Microsoft.

Dumb tricks malicious attackers had pulled: flip the hidden attribute on randomly chosen files to convince the user the disk was failing; remove the hot key for TrustedInstaller from the registry; corrupt the program in the hidden restore partition which checks certificates on downloaded or restored system components. For those not in the know, TrustedInstaller is the program which replaces corrupted system files when found by the system file checker. I didn't try to use a restore point because I simply assumed attackers had managed to insert malware in these, which has become common.

This was the first time I have seen a specific corruption of the hidden restore partition, which is not even visible or mounted in normal operation, to disable checking certificates. I caught on when I was warned that the supplier of CMD.EXE could not be recognized. That program was OK, it was the program which checks certificates that was bad. These were not random faults.

With millions of systems so thoroughly compromised how can you trust anything out on the Internet? If there is no hole in the software for your servers, are you sure about the machine your technical wizards used for remote access when you had a late-night emergency? They would be better off running Puppy from a closed DVD which cannot remember any results from previous attacks.