http://arstechnica.com/security/2014/09/concern-over-bash-vulnerability-grows-as-exploit-reported-in-the-wild/
By Sean Gallagher
Ars Technica
Sept 25, 2014

The vulnerability reported in the GNU Bourne Again Shell (Bash) yesterday,
dubbed "Shellshock," may already have been exploited in the wild to take
over Web servers as part of a botnet. More security experts are now
weighing in on the severity of the bug, expressing fears that it could be
used for an Internet "worm" to exploit large numbers of public Web
servers. And the initial fix for the issue still left Bash vulnerable to
attack, according to a new US CERT National Vulnerability Database entry.
A second vulnerability in Bash allows for an attacker to overwrite files
on the targeted system.

Update: The vulnerability was addressed by the maintainer of Bash, Chet
Ramey, in an email to the Open Source Software Security (oss-sec) mailing
list. An unofficial patch that fixes the problem has been developed, but
there is as of yet no official patch that completely addresses both
vulnerabilities.

In a blog post yesterday, Robert Graham of Errata Security noted that
someone is already using a massive Internet scan to locate vulnerable
servers for attack. In a brief scan, he found over 3,000 servers that were
vulnerable "just on port 80"—the Internet Protocol port used for normal
Web Hypertext Transfer Protocol (HTTP) requests. And his scan broke after
a short period, meaning that there could be vast numbers of other servers
vulnerable. A Google search by Ars using advanced search parameters
yielded over two billion webpages that at least partially fit the profile
for the Shellshock exploit.

"It's things like CGI scripts that are vulnerable, deep within a website
(like CPanel's /cgi-sys/defaultwebpage.cgi)," Graham wrote. CPanel is a
Web server control panel system used by many Web hosting providers.
"Getting just the root page is the thing least likely to be vulnerable.
Spidering the site and testing well-known CGI scripts (like the CPanel
one) would give a lot more results—at least 10x."

[...]