Page 1 of 2
Shellshock - BASH shell
Posted: Fri Sep 26, 2014 5:32 am
by Pigeon
Bash can also be used to run commands passed to it by applications and it is this feature that the vulnerability affects. One type of command that can be sent to Bash allows environment variables to be set. Environment variables are dynamic, named values that affect the way processes are run on a computer. The vulnerability lies in the fact that an attacker can tack-on malicious code to the environment variable, which will run once the variable is received.
Re: Shellshock - BASH shell
Posted: Fri Sep 26, 2014 5:37 am
by Royal
Is there an example of this in nature?
Seems like whatever happens with computers... virus, worms, trojans... there is a comparable example.
Re: Shellshock - BASH shell
Posted: Fri Sep 26, 2014 5:41 am
by Pigeon
Just something overlooked in parsing data being input or something that might not be a good idea to do in the first place. I haven't seen an actual example.
Re: Shellshock - BASH shell
Posted: Fri Sep 26, 2014 5:43 am
by Royal
The more I read it, it just seems like a vulnerability than a form of attack.
Hyphy music - losing my IQ.
Re: Shellshock - BASH shell
Posted: Fri Sep 26, 2014 5:45 am
by Pigeon
Attacks can be made because it is a vulnerability. So you are actually correct.
Re: Shellshock - BASH shell
Posted: Fri Sep 26, 2014 5:46 am
by Royal
I see. A form of attack suited to the vulnerability.
Re: Shellshock - BASH shell
Posted: Fri Sep 26, 2014 5:48 am
by Pigeon
Royal wrote:I see. A form of attack suited to the vulnerability.
winner.
That's basically how most of these things work.
Re: Shellshock - BASH shell
Posted: Fri Sep 26, 2014 5:49 am
by Pigeon
Looks like it has existed the whole time but someone just now discovered it.
Re: Shellshock - BASH shell
Posted: Fri Sep 26, 2014 5:51 am
by Royal
What now?
Re: Shellshock - BASH shell
Posted: Fri Sep 26, 2014 5:58 am
by Pigeon
Link with video example here