The Bourne-again shell (Bash) is a Unix shell. It lets the user run commands on the host machine through a text-based program. Questions using this tag should relate either to vulnerabilities in Bash or to the proper use of specific commands.
Questions tagged [bash]
152 questions
258 votes, 17 answers
Provide subjectAltName to openssl directly on the command line
Is it possible to provide a subjectAltName-Extension to the openssl req module directly on the command line?
I know it's possible via an openssl.cnf file, but that's not really elegant for batch-creation of CSRs.
Michael Seiwald
213 votes, 5 answers
What is a specific example of how the Shellshock Bash bug could be exploited?
I read some articles (article1, article2, article3, article4) about the Shellshock Bash bug (CVE-2014-6271 reported Sep 24, 2014) and have a general idea of what the vulnerability is and how it could be exploited. To better understand the…
Rob Bednark
77 votes, 6 answers
Is there a short command to test if my server is secure against the shellshock bash bug?
I did apt-get update; apt-get upgrade -y on all systems I'm running. I'm not sure if my /etc/apt/sources.list is good enough on all of these systems. I would like to quickly check each system again, ideally with a one-line shell command.
Does such a…
the
50 votes, 5 answers
Is using 'echo' to display attacker-controlled data on the terminal dangerous?
Imagine the following code:
ATTACKERDATA="$(cat attackerControlledFile.txt)"
echo "${ATTACKERDATA}"
An attacker can, through whatever arbitrary process, modify the contents of attackerControlledFile.txt to anything they desire. The content can be…
user163495
43 votes, 4 answers
How do I secure Apache against the Bash Shellshock vulnerability?
I have an Apache webserver running, and with the recent news of the Shellshock exploit against bash I was wondering if my webserver is vulnerable. I don't think it is, but I want to make sure I'm not mistaken.
I don't use any bash CGI intentionally…
user56147
41 votes, 3 answers
Are ordinary OS X desktops at risk from bash "shellshock" bug (CVE-2014-6271)?
I've recently heard via Twitter about CVE-2014-6271.
Are ordinary OS X desktops that aren't acting as a web server at risk of receiving attacks that could exploit this vulnerability?
Andrew Grimm
37 votes, 5 answers
Bypassing the command/script specified in /etc/passwd
Consider the following line from /etc/passwd:
sadeq:x:1000:1000:Mohammad Sadeq Dousti,,,:/home/sadeq:/bin/custom-script.sh
The last part, /bin/custom-script.sh, shows the command/script to be run when the user logs in to the system. Currently, it's…
M.S. Dousti
26 votes, 1 answer
Where is Bash Shellshock vulnerability in source code?
I have been hearing about the Bash Shellshock problem since yesterday and am curious to see where in the source code this problem occurs. I have downloaded the source for Bash 4.2 from here.
Where exactly should I look for Shellshock in the source…
Jake
23 votes, 2 answers
What vulnerability is targeted by an HTTP referer starting with (){ :;};/bin/bash
I found this code, followed by several bash commands downloading and running a payload from the web, in the referer field in my Apache error logs. The attack appears to work by converting a command name into a function name for the empty function…
Kylos
22 votes, 1 answer
GitHub's Bash Shell for Windows is vulnerable to Shellshock. Can it do any harm though?
After the news of the Shellshock vulnerability broke out, I remembered I had GitHub's version of a bash shell for Windows installed. Just to see if it also had the vulnerability, I executed:
env x='() { :;}; echo vulnerable' bash -c "echo this is a…
cptncrnch
22 votes, 1 answer
Attack scenarios of the new Bash vulnerability
Odds are that you're already aware of the newly discovered Bash bug. It can be tested using env x='() { :;}; echo vulnerable' bash -c "echo this is a test".
What I haven't understood yet is what the real attack scenarios of this vulnerability are.…
The Illusive Man
22 votes, 4 answers
Avast performing an attack?
I have a Toshiba notebook, which came with Norton Internet Security.
In addition, I have installed Avast.
I received a warning from Norton about an OS Attack: GNU Bash CVE-2014-6271 intrusion attempt.
Norton "blamed" Avast, in my own computer, for…
sancho.s ReinstateMonicaCellio
17 votes, 1 answer
How to do a privilege escalation with ping?
I am trying to achieve a privilege escalation. I have a virtual machine on Linux and I escaped from an rbash terminal. I now have a "normal" user terminal. My user is not in the sudoers file.
Is it possible to perform a privilege escalation using…
mb3354
15 votes, 5 answers
Can a .sh file be malware?
Can a .sh file be a virus or something harmful? Is it like .exe files on Windows? If yes, can someone read this script and tell me if it is safe and whether it affects GnuPG security? It gives me an option to encrypt files with a right-click on…
rezx
13 votes, 4 answers
Does the bash shell function import feature inevitably give rise to a privilege escalation problem?
Even without the immediate code-execution problem of Shellshock trailing commands, to what extent does the feature of bash importing functions from the environment give rise to a comprehensive privilege escalation vulnerability?
To be clear, there…
Ben