Author: Dmitry Altukhov

Another panic is rising on the Internet (and a well-founded one): Shellshock.

In fact, there is no need to panic too much.

  1. To "hack a server", SSH access is required (successful authentication in order to get a bash process).
    Shellshock is a vulnerability in bash, not in SSH. In order to exploit it, an attacker needs to cause the vulnerable system to run bash, and to control the value of an environment variable that will be passed to bash. In order to reach a bash process through SSH, the attacker needs to pass the authentication steps. (There can be attack vectors through other network services, but they are beyond the scope of this thread.) If the account is allowed to run arbitrary shell commands anyway, there is no attack. The vulnerability comes into play if the account is restricted to run specific commands: for example, an SFTP-only account, or a git-only account, etc.

    There are several ways to restrict an account to run a specific command with SSH: with the ForceCommand option in sshd_config, or with a command=... restriction in the authorized_keys file. If the user's shell is bash, then the Shellshock vulnerability allows a user who would normally have access only to the restricted account to bypass the restriction and execute arbitrary commands.

  2. The most relevant vector is the compromise of servers through HTTP/CGI.
  3. dhclient-script is also a concern.
  4. Home routers (OpenWRT/DD-WRT) cannot be compromised this way (for now), because they do not use the heavyweight bash (they use BusyBox/ash instead).
  5. Non-jailbroken iPhones/iPads and non-rooted Android devices are not vulnerable to Shellshock. In most cases, iPhone/iPad and Android devices are not affected by the vulnerability.
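
For item 1, an audit sketch added here (not code from the original post) that lists the accounts whose SSH restriction depends on bash: a ForceCommand in sshd_config or a command= option in authorized_keys, combined with a bash login shell. All file contents, user names and paths are constructed samples; the parser handles only global and `Match User` scopes, and the shell is matched by path name, so a `/bin/sh` that is linked to bash has to be checked separately.

```python
import re
# All inputs are constructed samples, not taken from the original post.
PASSWD = """\
git:x:998:998::/home/git:/bin/bash
deploy:x:1001:1001::/home/deploy:/bin/bash
sftponly:x:1002:1002::/home/sftponly:/bin/bash
backup:x:1003:1003::/home/backup:/bin/sh
alice:x:1004:1004::/home/alice:/bin/bash
"""
SSHD_CONFIG = """\
Match User deploy
    ForceCommand /usr/local/bin/deploy.sh
Match User sftponly
    ForceCommand internal-sftp
"""
AUTHORIZED_KEYS = {  # user -> text of that user's authorized_keys file
    "git": 'no-pty,command="/usr/local/bin/git-only.sh" ssh-ed25519 AAAA-constructed\n',
    "backup": 'command="/usr/local/bin/backup.sh" ssh-ed25519 AAAA-constructed\n',
}

def bash_users(passwd):
    """Accounts whose login shell is bash; sshd runs forced commands through it."""
    return {l.split(":")[0] for l in passwd.splitlines() if l.endswith("/bash")}

def forced_by_sshd(config):
    """Map user -> ForceCommand. Simplified: global scope and 'Match User a,b'."""
    forced, scope = {}, ["*"]
    for line in config.splitlines():
        key, val = (line.split(None, 1) + ["", ""])[:2]
        if key.lower() == "match":
            m = re.fullmatch(r"user\s+(\S+)", val.strip(), re.I)
            scope = m.group(1).split(",") if m else []
        elif key.lower() == "forcecommand" and val.strip() != "internal-sftp":
            # internal-sftp is served inside sshd itself, without the login shell
            forced.update({u: val.strip() for u in scope})
    return forced

def audit(passwd, config, keys):
    """(user, mechanism, command) for each restriction that depends on bash."""
    sshd, found = forced_by_sshd(config), []
    for user in sorted(bash_users(passwd)):
        cmd = sshd.get(user, sshd.get("*"))
        found += [(user, "ForceCommand", cmd)] if cmd else []
        for cmd in re.findall(r'(?:^|,)command="([^"]*)"', keys.get(user, ""), re.M):
            found.append((user, "authorized_keys", cmd))
    return found

if __name__ == "__main__":
    print(*audit(PASSWD, SSHD_CONFIG, AUTHORIZED_KEYS), sep="\n")
```

Accounts it reports are the ones to patch first or to move to a non-bash login shell; `alice` is not listed because an unrestricted account gains nothing from the bug, as item 1 explains.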


