-1

A common pc running bash inside a home LAN network (with a router/gateway providing internet access to the LAN) does not have any contact with the external internet, except browser navigation and the mailreader (with no port forward in the router and with a secure DHCP server).

If no one from inside the LAN does attack that pc, is it anyway vulnerable to Shellshock due to external attacks? In other words: could an external attacker exploit the internet navigation or the mail reading/sending in order to penetrate that host in the LAN?

BowPark
  • 109
  • 4
  • Since you are inside the lan then your perimeter devices will be affected by this vulnerability. – ifexploit Oct 06 '14 at 09:32
  • This question is too generic. Potentially, any system with BASH installed is vulnerable to the bug. Whether (and how) it can be exploited, however, is directly dependent on the environment. – Stephane Oct 06 '14 at 09:32
  • I just modified my question, hoping that now it is less generic. – BowPark Oct 06 '14 at 09:47
  • I'm afraid it's not enough. What you're asking is simlar to "can someone see what is on my TV screen from the outside": without a good description of what your layout looks like, it cannot be answered. Furthermore, it's is doubtful the answer to the specific question will be useful to others. – Stephane Oct 06 '14 at 10:08

1 Answers1

5

It's impossible to say.

Assuming you don't have any ports forwarded to the PC and your router provides a DHCP server for your LAN, you aren't vulnerable to the classic attack vectors (CGI scripts on a webserver, a rogue DHCP server, or bypassing SSH command restrictions). However, bash is ubiquitous: you might be vulnerable to a program running something like system("file $path") to determine the type of an email attachment, or any of a variety of other attack vectors.

Mark
  • 34,390
  • 9
  • 85
  • 134