2. Shell Shock Vulnerability
Shellshock is a security bug in the Bash command-line interpreter (CLI)
Revealed by Linux expert Stephane Chazelas on 24th September, 2014. It's a 10-year-old bug!
Allows attackers to gain unauthorized access to systems by executing arbitrary commands
High impact on Linux and Mac OS, where Bash is the default CLI
3. Where does the bug occur?
The bug lies in Bash's parsing code, which unintentionally executes commands when they are concatenated to the end of function definitions stored in the values of environment variables.
4. How do attackers exploit it?
HTTP servers: Servers that run CGI can expose Bash to an HTTP request, so a malicious HTTP request can inject arbitrary commands onto the server, with Bash invoked to execute them
SSH: Through Bash, an attacker can get past user-authentication restrictions and escalate privileges to access commands
5. How to test it?
Execute the following commands from a terminal:
If the output contains the word 'vulnerable', then the system is vulnerable
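A local check along the lines of the test this slide describes, as an added example that is not from the original slides. The function name check_bash, the variable name testvar and the result strings are choices made for this example.

```shell
#!/bin/sh
# Added example: local check for the Shellshock function-import bug.
# check_bash, testvar and MARKER are names chosen for this example.

MARKER="vulnerable"

# check_bash PATH
# Prints one of: "vulnerable", "not vulnerable", "not found", "inconclusive".
# Return codes: 0 = not vulnerable, 1 = vulnerable, 2 = not found, 3 = inconclusive.
check_bash() {
    bash_bin="$1"
    if [ ! -x "$bash_bin" ]; then
        echo "not found"
        return 2
    fi
    # The variable's value is a function definition with an extra command
    # concatenated to its end. An affected Bash runs that trailing command
    # while importing the environment; a patched Bash treats the value as
    # plain data and only runs the command given to -c.
    out=$(env testvar="() { :;}; echo $MARKER" \
          "$bash_bin" -c "echo test completed" 2>/dev/null) || true
    case "$out" in
        *"$MARKER"*)        echo "vulnerable";     return 1 ;;
        *"test completed"*) echo "not vulnerable"; return 0 ;;
        *)                  echo "inconclusive";   return 3 ;;
    esac
}

# Check the Bash found on PATH, if there is one.
target=$(command -v bash || true)
if [ -n "$target" ]; then
    echo "$target: $(check_bash "$target" || true)"
fi
```

Systems often carry more than one Bash binary (for example under /usr/local/bin), so call check_bash on each path that is installed.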
6. How to fix it?
Upgrade to the latest version of Bash
"yum update bash" is the command for CentOS and Red Hat Linux
7. Poodle Attack
"Padding Oracle On Downgraded Legacy Encryption"
A man-in-the-middle exploit that takes advantage of security software clients' fallback to SSL 3.0
The Google security team discovered this on October 14, 2014
If attackers exploit it successfully, they need only 256 SSL 3.0 requests to reveal one byte of an encrypted message
8. Where does the bug occur?
Poodle can be used to target browser-based communication that relies on SSL 3.0 (Secure Sockets Layer) for encryption and authentication
This allows an attacker to pad data at the end of a block cipher block, so that the encryption becomes less secure
Poodle can force the browser to use SSL 3.0
9. How to fix it?
Disable SSL 3.0 on all protocols
Enable TLS (Transport Layer Security) 1.0
Prevent TLS 1.0 downgrade attacks by ensuring both client and server support only TLS