Questions tagged [shellshock-bash-bug]

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

For more information, see CVE-2014-6271 and CVE-2014-7169.

40 questions
0 votes, 1 answer

What is the correct way to export a bash function after the shellshock updates?

I am having problems with a script currently, but I'm not sure of the correct syntax. I think the script was broken with the shellshock patch to bash, but I just want to check. What is the correct way to export a bash function since the shellshock…
digitaLink
0 votes, 0 answers

Can shellshock redirect my visits on nginx?

I have a problem with my nginx webserver. Once a day some clients get redirected to random webpages (bad ones), I've checked for malware, virus and nothing comes up. But I recently read about CDorked infection and I installed tools to detect it and…
Diego Velez
0 votes, 1 answer

Regexp to parse apache2 log, handle SHELLSHOCK bash hack

I want to parse Apache2 log files and found an otherwise good regexp here to do so, using the regexp below: /^(\S+) (\S+) (\S+) \[([^:]+):(\d+:\d+:\d+) ([^\]]+)\] \"(\S+) (.*?) (\S+)\" (\S+) (\S+) "([^"]*)" "([^"]*)"$/ The problem is this regexp…
Charlie
0 votes, 1 answer

How do I restore CronTab to my WebMin system

I don't know if this was an effect of the shellshock attack which my server was victim to (or another attack that worked) but it basically enabled the hacker to overwrite my SSH config file when the server rebooted. This new file used wget to load…
MonkeyMagix
0 votes, 1 answer

RoR: Could not load OpenSSL (after Apple's Bash fix today)

Hoping someone can help explain and/or advise me on this error I'm catching after I tried to re-install rails via rvm after running Apple's bash shellshock fix today. I upgraded to OSX 10.9.5 mav and ran the Bash Shellshock, then my RoR apps needed…
0 votes, 1 answer

Root Cause of Shellshock Bash bug

I don't get the root cause of shellshock bash bug such as CVE-2014-6271. As far as I understand, shellshock happens if there is a malicious code inside the application packet header. For example, if HTTP header includes http-header[Cookie] = () {…
John Doyle
0 votes, 1 answer

How can one prevent Apache executing the request line as a bash command?

I'm running several virtual hosts on Apache 2.2.22 and just noticed a rather alarming incident in the logs where a "security scanner" from Iceland was able to wget a file into a cgi-bin directory with the following http request line: () { :;};…
Robert Imhoff
0 votes, 4 answers

How do I upgrade Bash in Mac OSX Snow Leopard [and set it the correct path]?

I want to update my Bash (and Sh) programs in my Mac OS X Snow Leopard (10.6.8), in light of the recent bugs to bash - Shellshock. I am purposely using 10.6.8, so I don't want to update to a newer version of OS X right now. I have read this Q&A -…
C-K
-3 votes, 1 answer

How to restore default bash PATH in mountain lion, I update bash for avoiding shellshock so I can't start up

I was upgrading bash for patching the shellshock vulnerability, so I followed a tutorial and I guess I messed up by replacing the old bin/bash $PATH, so I can't login to my macbook... The tutorial says: If you are very paranoid, you can remove…
-6 votes, 1 answer

What exactly env command do?

I recently came across the shellshock bug, which is a bug in the bash shell. Somehow it uses the env command to create environment variables containing functions. $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" These functions…
Haris