SlideShare a Scribd company logo
ShellShock Introduction
Jie Liau @ Oct/08/2014
Introduction
● An example of an ACE (Arbitrary Code Execution)
vulnerability dedicated for BASH shell
– Could be leveraged by uploading/running a program that
gives attackers a simple way of controlling the targeted
machine
● This vulnerability had existed undiscovered since appro
version 1.13 in 1992
Cause
● Environment Variables
– One program starts another program, it provides an
initial list of environment variables for the new
program
– Bash
● Command interpreter
● Command
● It is possible to execute Bash from within itself
– Trigger point
● () { :;};
Inside Code
http://blog.erratasec.com/2014/09/the-shockingly-bad-code-of-
bash.html#.VDODH-JBp2I
● Original instance can export environment variables and function
definitions into the new instance.
● Function definitions are exported by encoding them within the
environment variable list as variables whose values begin with
parentheses ("()") followed by a function definition
● The new instance of Bash, upon starting, scans its environment
variable list for values in this format and converts them back
into internal functions. It performs this conversion by creating a
fragment of code from the value and executing it
● Affected versions do not verify that the fragment is a valid
function definition
● initialize_shell_variable()
CVE #
● CVE-2014-6271
● CVE-2014-6277
● CVE-2014-6278
● CVE-2014-7169
● CVE-2014-7186
● CVE-2014-7187
How to check
● #env x=’() { :;}; echo 12345’ bash -c ‘echo 54321’
– 12345
– 54321
● #env x=’() { :;}; echo 12345’ bash -c ‘echo 54321’
– 54321
Specific Exploitation Vector
● CGI-based web server
● SSH server
● DHCP
● Email system
Vulnerable Function of Language
Perl exec(“date > /dev/null”);
open(FD, “| date > /dev/null”);
system(“date > /dev/null”);
print `date > /dev/null`;
PHP exec(‘date);
system(‘date’);
mb_send_mail();
Python os.system(‘date’)
subprocess.call(‘date’, shell =True)
subprocess.Popen(‘date’, shell=True)
Ruby `date`
exec ‘date’
system ‘date’
Demo
Conclusion
● Upgrade your bash and stay calm

More Related Content

What's hot

Function & procedure
Function & procedureFunction & procedure
Function & procedure
atishupadhyay
 
Raman
RamanRaman
Raman
raman_kaur
 
React js t3 - es6
React js   t3 - es6React js   t3 - es6
React js t3 - es6
Jainul Musani
 
Testing Web Apps with Spring Framework
Testing Web Apps with Spring FrameworkTesting Web Apps with Spring Framework
Testing Web Apps with Spring Framework
Dmytro Chyzhykov
 
Spring AOP
Spring AOPSpring AOP
Spring AOP
Lhouceine OUHAMZA
 
Testing
TestingTesting
Testing
Shweta Grover
 
Implementing Generic Servers for Eclipse WebTools
Implementing Generic Servers for Eclipse WebToolsImplementing Generic Servers for Eclipse WebTools
Implementing Generic Servers for Eclipse WebTools
Gorkem Ercan
 
M5 l7-rails controllers-response-handout
M5 l7-rails controllers-response-handoutM5 l7-rails controllers-response-handout
M5 l7-rails controllers-response-handout
Nolboo Kim
 
Asynkron programmering i Visual Studio 11
Asynkron programmering i Visual Studio 11Asynkron programmering i Visual Studio 11
Asynkron programmering i Visual Studio 11
MortenWennevik
 
React js t4 - components
React js   t4 - componentsReact js   t4 - components
React js t4 - components
Jainul Musani
 
Ch 4 linker loader
Ch 4 linker loaderCh 4 linker loader
Ch 4 linker loader
Malek Sumaiya
 
M expression
M expressionM expression
M expression
Vasanthii Chowdary
 
Prometheus and Grafana
Prometheus and GrafanaPrometheus and Grafana
Prometheus and Grafana
Lhouceine OUHAMZA
 
Soot for dummies
Soot for dummiesSoot for dummies
Soot for dummies
Leandro Lera Romero
 

What's hot (14)

Function & procedure
Function & procedureFunction & procedure
Function & procedure
 
Raman
RamanRaman
Raman
 
React js t3 - es6
React js   t3 - es6React js   t3 - es6
React js t3 - es6
 
Testing Web Apps with Spring Framework
Testing Web Apps with Spring FrameworkTesting Web Apps with Spring Framework
Testing Web Apps with Spring Framework
 
Spring AOP
Spring AOPSpring AOP
Spring AOP
 
Testing
TestingTesting
Testing
 
Implementing Generic Servers for Eclipse WebTools
Implementing Generic Servers for Eclipse WebToolsImplementing Generic Servers for Eclipse WebTools
Implementing Generic Servers for Eclipse WebTools
 
M5 l7-rails controllers-response-handout
M5 l7-rails controllers-response-handoutM5 l7-rails controllers-response-handout
M5 l7-rails controllers-response-handout
 
Asynkron programmering i Visual Studio 11
Asynkron programmering i Visual Studio 11Asynkron programmering i Visual Studio 11
Asynkron programmering i Visual Studio 11
 
React js t4 - components
React js   t4 - componentsReact js   t4 - components
React js t4 - components
 
Ch 4 linker loader
Ch 4 linker loaderCh 4 linker loader
Ch 4 linker loader
 
M expression
M expressionM expression
M expression
 
Prometheus and Grafana
Prometheus and GrafanaPrometheus and Grafana
Prometheus and Grafana
 
Soot for dummies
Soot for dummiesSoot for dummies
Soot for dummies
 

Similar to Shell Shock

HPC_MPI_CICID_OA.pptx
HPC_MPI_CICID_OA.pptxHPC_MPI_CICID_OA.pptx
HPC_MPI_CICID_OA.pptx
ObjectAutomation2
 
module 4.docx
module 4.docxmodule 4.docx
module 4.docx
GOKULDEV20
 
Unit 3
Unit 3Unit 3
Unit 3
pm_ghate
 
Composer namespacing
Composer namespacingComposer namespacing
Composer namespacing
Deepak Chandani
 
Autotools
AutotoolsAutotools
Autotools
Vibha Singh
 
Kirill Rozin - Practical Wars for Automatization
Kirill Rozin - Practical Wars for AutomatizationKirill Rozin - Practical Wars for Automatization
Kirill Rozin - Practical Wars for Automatization
Sergey Arkhipov
 
Introduction To Embedding The PH7 PHP Engine in a C/C++ Host Application.
Introduction To Embedding The PH7 PHP Engine in a C/C++ Host Application.Introduction To Embedding The PH7 PHP Engine in a C/C++ Host Application.
Introduction To Embedding The PH7 PHP Engine in a C/C++ Host Application.
Chems Mrad
 
CSO Laboratory Manual
CSO Laboratory ManualCSO Laboratory Manual
CSO Laboratory Manual
Dwight Sabio
 
Build server
Build serverBuild server
Build server
Christophe Vanlancker
 
BACKGROUND A shell provides a command-line interface for users. I.docx
BACKGROUND A shell provides a command-line interface for users. I.docxBACKGROUND A shell provides a command-line interface for users. I.docx
BACKGROUND A shell provides a command-line interface for users. I.docx
wilcockiris
 
CS8251_QB_answers.pdf
CS8251_QB_answers.pdfCS8251_QB_answers.pdf
CS8251_QB_answers.pdf
vino108206
 
Introduction To C++ programming and its basic concepts
Introduction To C++ programming and its basic conceptsIntroduction To C++ programming and its basic concepts
Introduction To C++ programming and its basic concepts
ssuserf86fba
 
APACHE
APACHEAPACHE
APACHE
ARJUN
 
Dependency management with Composer
Dependency management with ComposerDependency management with Composer
Dependency management with Composer
Jason Grimes
 
Firebird 3: provider-based architecture, plugins and OO approach to API
Firebird 3: provider-based architecture, plugins and OO approach to API Firebird 3: provider-based architecture, plugins and OO approach to API
Firebird 3: provider-based architecture, plugins and OO approach to API
Mind The Firebird
 
Loaders
LoadersLoaders
Node js Global Packages
Node js Global PackagesNode js Global Packages
Node js Global Packages
sanskriti agarwal
 
Autotools
AutotoolsAutotools
Autotools
Vibha Singh
 
First session quiz
First session quizFirst session quiz
First session quiz
Keroles karam khalil
 
First session quiz
First session quizFirst session quiz
First session quiz
Keroles karam khalil
 

Similar to Shell Shock (20)

HPC_MPI_CICID_OA.pptx
HPC_MPI_CICID_OA.pptxHPC_MPI_CICID_OA.pptx
HPC_MPI_CICID_OA.pptx
 
module 4.docx
module 4.docxmodule 4.docx
module 4.docx
 
Unit 3
Unit 3Unit 3
Unit 3
 
Composer namespacing
Composer namespacingComposer namespacing
Composer namespacing
 
Autotools
AutotoolsAutotools
Autotools
 
Kirill Rozin - Practical Wars for Automatization
Kirill Rozin - Practical Wars for AutomatizationKirill Rozin - Practical Wars for Automatization
Kirill Rozin - Practical Wars for Automatization
 
Introduction To Embedding The PH7 PHP Engine in a C/C++ Host Application.
Introduction To Embedding The PH7 PHP Engine in a C/C++ Host Application.Introduction To Embedding The PH7 PHP Engine in a C/C++ Host Application.
Introduction To Embedding The PH7 PHP Engine in a C/C++ Host Application.
 
CSO Laboratory Manual
CSO Laboratory ManualCSO Laboratory Manual
CSO Laboratory Manual
 
Build server
Build serverBuild server
Build server
 
BACKGROUND A shell provides a command-line interface for users. I.docx
BACKGROUND A shell provides a command-line interface for users. I.docxBACKGROUND A shell provides a command-line interface for users. I.docx
BACKGROUND A shell provides a command-line interface for users. I.docx
 
CS8251_QB_answers.pdf
CS8251_QB_answers.pdfCS8251_QB_answers.pdf
CS8251_QB_answers.pdf
 
Introduction To C++ programming and its basic concepts
Introduction To C++ programming and its basic conceptsIntroduction To C++ programming and its basic concepts
Introduction To C++ programming and its basic concepts
 
APACHE
APACHEAPACHE
APACHE
 
Dependency management with Composer
Dependency management with ComposerDependency management with Composer
Dependency management with Composer
 
Firebird 3: provider-based architecture, plugins and OO approach to API
Firebird 3: provider-based architecture, plugins and OO approach to API Firebird 3: provider-based architecture, plugins and OO approach to API
Firebird 3: provider-based architecture, plugins and OO approach to API
 
Loaders
LoadersLoaders
Loaders
 
Node js Global Packages
Node js Global PackagesNode js Global Packages
Node js Global Packages
 
Autotools
AutotoolsAutotools
Autotools
 
First session quiz
First session quizFirst session quiz
First session quiz
 
First session quiz
First session quizFirst session quiz
First session quiz
 

More from Jie Liau

iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
Jie Liau
 
OWASPAPISecurity
OWASPAPISecurityOWASPAPISecurity
OWASPAPISecurity
Jie Liau
 
HowYourAPIBeMyAPI
HowYourAPIBeMyAPIHowYourAPIBeMyAPI
HowYourAPIBeMyAPI
Jie Liau
 
iThome CyberSec2021 Container Security
iThome CyberSec2021 Container SecurityiThome CyberSec2021 Container Security
iThome CyberSec2021 Container Security
Jie Liau
 
Container Security
Container SecurityContainer Security
Container Security
Jie Liau
 
Protecting Your Internet Route Integrity
Protecting Your Internet Route IntegrityProtecting Your Internet Route Integrity
Protecting Your Internet Route Integrity
Jie Liau
 
The Tor Network
The Tor NetworkThe Tor Network
The Tor Network
Jie Liau
 
IBM X-Force Threat Intelligence Index 2017
IBM X-Force Threat Intelligence Index 2017IBM X-Force Threat Intelligence Index 2017
IBM X-Force Threat Intelligence Index 2017
Jie Liau
 
DDoS
DDoSDDoS
DDoS
Jie Liau
 

More from Jie Liau (9)

iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWebiThome_CYBERSEC2024_Drive_Into_the_DarkWeb
iThome_CYBERSEC2024_Drive_Into_the_DarkWeb
 
OWASPAPISecurity
OWASPAPISecurityOWASPAPISecurity
OWASPAPISecurity
 
HowYourAPIBeMyAPI
HowYourAPIBeMyAPIHowYourAPIBeMyAPI
HowYourAPIBeMyAPI
 
iThome CyberSec2021 Container Security
iThome CyberSec2021 Container SecurityiThome CyberSec2021 Container Security
iThome CyberSec2021 Container Security
 
Container Security
Container SecurityContainer Security
Container Security
 
Protecting Your Internet Route Integrity
Protecting Your Internet Route IntegrityProtecting Your Internet Route Integrity
Protecting Your Internet Route Integrity
 
The Tor Network
The Tor NetworkThe Tor Network
The Tor Network
 
IBM X-Force Threat Intelligence Index 2017
IBM X-Force Threat Intelligence Index 2017IBM X-Force Threat Intelligence Index 2017
IBM X-Force Threat Intelligence Index 2017
 
DDoS
DDoSDDoS
DDoS
 

Recently uploaded

制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
ukwwuq
 
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
cuobya
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
Danica Gill
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Brad Spiegel Macon GA
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
cuobya
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
keoku
 
Understanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdfUnderstanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdf
SEO Article Boost
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
CIOWomenMagazine
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
hackersuli
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
zyfovom
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
ufdana
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
ysasp1
 
Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027
harveenkaur52
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
zoowe
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
wolfsoftcompanyco
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
fovkoyb
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
cuobya
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
Laura Szabó
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
uehowe
 

Recently uploaded (20)

制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
制作原版1:1(Monash毕业证)莫纳什大学毕业证成绩单办理假
 
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
制作毕业证书(ANU毕业证)莫纳什大学毕业证成绩单官方原版办理
 
7 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 20247 Best Cloud Hosting Services to Try Out in 2024
7 Best Cloud Hosting Services to Try Out in 2024
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptxBridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
Bridging the Digital Gap Brad Spiegel Macon, GA Initiative.pptx
 
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
假文凭国外(Adelaide毕业证)澳大利亚国立大学毕业证成绩单办理
 
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
一比一原版(SLU毕业证)圣路易斯大学毕业证成绩单专业办理
 
Understanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdfUnderstanding User Behavior with Google Analytics.pdf
Understanding User Behavior with Google Analytics.pdf
 
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
Internet of Things in Manufacturing: Revolutionizing Efficiency & Quality | C...
 
[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024[HUN][hackersuli] Red Teaming alapok 2024
[HUN][hackersuli] Red Teaming alapok 2024
 
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
学位认证网(DU毕业证)迪肯大学毕业证成绩单一比一原版制作
 
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
一比一原版(CSU毕业证)加利福尼亚州立大学毕业证成绩单专业办理
 
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
成绩单ps(UST毕业证)圣托马斯大学毕业证成绩单快速办理
 
Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027Italy Agriculture Equipment Market Outlook to 2027
Italy Agriculture Equipment Market Outlook to 2027
 
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
国外证书(Lincoln毕业证)新西兰林肯大学毕业证成绩单不能毕业办理
 
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaalmanuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
manuaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaal
 
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
存档可查的(USC毕业证)南加利福尼亚大学毕业证成绩单制做办理
 
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
可查真实(Monash毕业证)西澳大学毕业证成绩单退学买
 
Gen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needsGen Z and the marketplaces - let's translate their needs
Gen Z and the marketplaces - let's translate their needs
 
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
办理毕业证(UPenn毕业证)宾夕法尼亚大学毕业证成绩单快速办理
 

Shell Shock

  • 2. Introduction ● An example of an ACE (Arbitrary Code Execution) vulnerability dedicated for BASH shell – Could be leveraged by uploading/running a program that gives attackers a simple way of controlling the targeted machine ● This vulnerability had existed undiscovered since appro version 1.13 in 1992
  • 3. Cause ● Environment Variables – One program starts another program, it provides an initial list of environment variables for the new program – Bash ● Command interpreter ● Command ● It is possible to execute Bash from within itself – Trigger point ● () { :;};
  • 4. Inside Code http://blog.erratasec.com/2014/09/the-shockingly-bad-code-of- bash.html#.VDODH-JBp2I ● Original instance can export environment variables and function definitions into the new instance. ● Function definitions are exported by encoding them within the environment variable list as variables whose values begin with parentheses ("()") followed by a function definition ● The new instance of Bash, upon starting, scans its environment variable list for values in this format and converts them back into internal functions. It performs this conversion by creating a fragment of code from the value and executing it ● Affected versions do not verify that the fragment is a valid function definition ● initialize_shell_variable()
  • 5. CVE # ● CVE-2014-6271 ● CVE-2014-6277 ● CVE-2014-6278 ● CVE-2014-7169 ● CVE-2014-7186 ● CVE-2014-7187
  • 6. How to check ● #env x=’() { :;}; echo 12345’ bash -c ‘echo 54321’ – 12345 – 54321 ● #env x=’() { :;}; echo 12345’ bash -c ‘echo 54321’ – 54321
  • 7. Specific Exploitation Vector ● CGI-based web server ● SSH server ● DHCP ● Email system
  • 8. Vulnerable Function of Language Perl exec(“date > /dev/null”); open(FD, “| date > /dev/null”); system(“date > /dev/null”); print `date > /dev/null`; PHP exec(‘date); system(‘date’); mb_send_mail(); Python os.system(‘date’) subprocess.call(‘date’, shell =True) subprocess.Popen(‘date’, shell=True) Ruby `date` exec ‘date’ system ‘date’
  • 10. Conclusion ● Upgrade your bash and stay calm