Shellshock vulnerability

OWASP 2013-A1, OWASP 2017-A9, OWASP 2021-A6, PCI v3.2-6.5.1, CAPEC-88, CWE-78, HIPAA-164.306(a), ISO27001-A.14.2.5, WASC-31

Shellshock is a vulnerability in Bash, the command language interpreter shipped with Linux and Unix-based operating systems, that allows an attacker to gain complete access to a victim's computer. The attacker sends a malicious environment variable to the Bash instance used by the web server deployment; environment variables shape how processes on the system behave. The flaw lies in how vulnerable versions of Bash parse function definitions passed in environment variables: text that follows the function body is executed as a command. This bug therefore allows an attacker to run arbitrary commands through any vulnerable version of Bash and, with that, to gain unauthorised access to the system.

The attacker makes a remote connection to the server and sends requests that deliver the malicious environment variable to Bash. This is usually done through CGI, because the web server copies request headers into environment variables before invoking the CGI script. As the server uses Bash to interpret that variable, the attacker is able to launch the attack successfully.

Example

    GET http://example.beaglesecurity.com/cgi-bin/beaglesecurity.cgi HTTP/1.1
    User-Agent: AppFabs
    Host: shellshock.appfabs.com
    Referer: () { :;}; echo "NS:" $(</etc/passwd)

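A defender-side check for the request pattern shown above, added here as an example that is not part of the original page: it parses a raw HTTP request, flags every header value that begins with a Bash function definition (`() {`), and reports the command appended after the closing brace, which is what a vulnerable Bash would execute. The function names `parse_request` and `find_shellshock` are the example's own; the first input is the page's example request, the second is a constructed benign request, and the code assumes Python 3.9 or newer.

```python
import re

# A vulnerable Bash treats an environment variable whose value starts with
# "() {" as an exported function definition and, because of the bug, keeps
# parsing past the closing "}" and executes whatever follows.  CGI servers copy
# request headers into variables such as HTTP_REFERER, which is how it arrives.
FUNCTION_PREFIX = re.compile(r"^\s*\(\)\s*\{")
TRAILING_COMMAND = re.compile(r"\}\s*;\s*(?P<cmd>\S.*)$")

# The request from the page's example, reused here as detector input.
PAGE_REQUEST = (
    "GET http://example.beaglesecurity.com/cgi-bin/beaglesecurity.cgi HTTP/1.1\r\n"
    "User-Agent: AppFabs\r\n"
    "Host: shellshock.appfabs.com\r\n"
    'Referer: () { :;}; echo "NS:" $(</etc/passwd)\r\n'
)

# Constructed benign request: parentheses and braces, but no "() {" prefix.
BENIGN_REQUEST = (
    "GET /cgi-bin/status.cgi HTTP/1.1\r\n"
    "Host: shellshock.appfabs.com\r\n"
    "User-Agent: Mozilla/5.0 (X11; Linux x86_64) {build 1}\r\n"
)

def parse_request(raw: str) -> tuple[str, dict[str, str]]:
    """Split a raw HTTP request into its request line and a header dict."""
    lines = raw.strip().splitlines()
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0].strip(), headers

def find_shellshock(raw: str) -> list[dict[str, str]]:
    """One finding per header that is a Bash function definition; 'trailing_command' is empty if nothing follows the body."""
    request_line, headers = parse_request(raw)
    findings = []
    for name, value in headers.items():
        if not FUNCTION_PREFIX.match(value):
            continue
        m = TRAILING_COMMAND.search(value)
        findings.append({"request": request_line, "header": name,
                         "trailing_command": m.group("cmd") if m else ""})
    return findings

if __name__ == "__main__":
    for req in (PAGE_REQUEST, BENIGN_REQUEST):
        print(find_shellshock(req))
```

A bare definition with no trailing command is still reported (with an empty `trailing_command`), since there is no legitimate reason for a client to send one.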

Impact

The impact includes:

  • Reading, updating and deleting arbitrary data/tables from the database
  • Executing commands on the underlying operating system

Mitigation / Precaution

This vulnerability can be fixed by:

  • Do not process user-supplied data directly as variables in web or Bash code.
  • Sanitise user input and strip all characters that are not needed, so that an attack is disrupted before it takes place.
  • Scan the deployment systematically.
