9

I am worried about the millions (actually, worried about mine) of routers/modems that run Linux. How exposed are they to Shellshock?

noderman
  • 397
  • 1
  • 4
  • 9

3 Answers3

11

Most Linux-based routers are running an OpenWRT/DD-WRT derivative. These routers use BusyBox as their shell (Bash is much too heavyweight for the hardware), and consequently are not vulnerable.

Mark
  • 34,390
  • 9
  • 85
  • 134
  • 1
    Here is a [post](https://blog.pfsense.org/?p=1457) from pfsense too. "The base system of pfSense does not include bash." – Christos Sep 26 '14 at 07:21
  • 2
    Is there a way to test if my own router is vulnerable? – CharlesB Sep 26 '14 at 08:18
  • "Most Linux-based routers are running an OpenWRT/DD-WRT derivative." - lolwut? And busybox is not a shell. – Smit Johnth Sep 28 '14 at 01:53
  • 3
    @SmitJohnth, busybox is a multi-call binary that encapsulates most of what you need to run a command-line Linux into a single executable. Run it under the name `sh` or `ash`, and you get a shell derived from `ash`. – Mark Sep 28 '14 at 02:24
  • @Mark So busybox is not a shell but a wrapper for ash, am I right? – Smit Johnth Sep 28 '14 at 02:41
  • 1
    @SmitJohnth, Sort of maybe if you squint at it right. – Mark Sep 28 '14 at 04:47
  • @Mark sort of maybe? It uses ash or other shell, so it would be vulnerable only if ash or this other shell would be vulnerable. – Smit Johnth Oct 05 '14 at 09:00
  • From the OpenWRT website: The OpenWrt standard unix shell is the Busybox-fork of the Debian implementation of the Almquist shell (see → https://www.in-ulm.de/~mascheck/various/ash/#busybox). In case you want to read about it. – Brian Nov 27 '20 at 18:57
4

Ubiquiti Routers running EdgeOS have much beefier hardware, and run a derivative of Vayatta on Linux that includes bash. Those are likely vulnerable.

http://community.ubnt.com/t5/EdgeMAX/Re-Bash-shell-vuln-Is-ER-also-vulnerable/m-p/1024785

David
  • 141
  • 3
1

Endian Community Firewall is also currently vulnerable, even though they have already released a patch for their paying customers. Planning on switching to Sophos UTM soon.

tpaletti
  • 11
  • 1