Upload File

bash shell code injection 윤신필립 하승범. 1.what is shellshock. 2.background knowledge....

  • Home
  • Documents
  • Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness
23
Bash shell Code Injection Shellshock vulnerability 윤윤윤윤 윤윤윤

Upload: theodora-hodges

Post on 20-Jan-2016

219 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

Bash shell Code Injection Shellshock

vulnerability

윤신필립하승범

Page 2: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

CONTENTS1. What is ShellShock.

2. Background Knowledge.

3. Shellshock CVE-2014-6271

4. Additional vulnerabilities

5. Dangerousness of this Vulnerability.

6. Way of Solutions.

Page 3: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

What is Shellshock ?

• CVE 2014-6271

• Disclosed by Akamai Technology ofStephane Chazelas on 24 September 2014.

• CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277, CVE-2014-6278

Page 4: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

How to set environment variable?

Page 5: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

How to set environment variable?

Page 6: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness
Page 7: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

How to set environment variable?

Page 8: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

How to set environment variable?

Page 9: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

Bash Architecture

• Run bash

• initialization Bash environment variable

• Print Bash shell prompt

• Wait instruction

• Save inst to string and parsing

• Run instruction

Page 10: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

How to set environment variable?

Page 11: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

Principle of CVE-2014-6271

• Use parse_and_execute() function

intparse_and_execute (string, from_file, flags){ ... while (*(bash_input.location.string)) { ...

Page 12: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

PATCH VERSION/* Don't import function names that are invalid identifiers from the environment, though we still allow them to be defined as shell variables. */if (legal_identifier (name))parse_and_execute(temp_string, name, SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FINCDEF|SEVAL_ONECMD);

Principle of CVE-2014-6271

• limit number of process• check function

Page 13: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

CVE-2014-6271 DEMO

DEMO

Page 14: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

Additional vulnerabilities

Page 15: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

CVE-2014-7169

Page 16: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

CVE-2014-7186

Page 17: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

CVE-2014-6278

Page 18: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

Dangerousness of this Vulnerability

Page 19: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

Dangerousness of this Vulnerability

Attacker CGI PAGE Web Server

virus

Server invade & Destroy

DB Server

Bash 실행

HTTP PACKET

Malicious c

ommands

Save inEnvironment

variable

Page 20: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

Way of Solutions

UPDATEsudo apt-get upgradesudo apt-get update

Fedora, Redhatsudo yum update

Page 21: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

Way of Solutions

OS X bash Update 1.0Mavericks http://support.apple.com/kn/DL1769

Mountain Lion http://support.apple.com/kn/DL1768

Lion http://support.apple.com/kn/DL1767

http://support.apple.com/kn/DL1769
http://support.apple.com/kn/DL1768
http://support.apple.com/kn/DL1768
http://support.apple.com/kn/DL1767
http://support.apple.com/kn/DL1767
Page 22: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

Way of Solutions

Troy Hunt (Tremendous in-depth primer on Shellshock)

In short, the advice to consumers is this: watch for security updates, particularly on OS X. Also keep an eye on any advice you may get from your ISP or other providers of devices you have that run embedded software. Do be cautious of emails requesting information or instructing you to run software

Page 23: Bash shell Code Injection 윤신필립 하승범. 1.What is ShellShock. 2.Background Knowledge. 3.Shellshock CVE-2014-6271 4.Additional vulnerabilities 5.Dangerousness

Q & A


Exploiting Format String Vulnerabilities Engineering... · 2014-12-08 · Exploiting Format String Vulnerabilities scut / team teso September 1, 2001 version 1.2 번역 및 편집:

Term paper on hydro power projects and disaster vulnerabilities

juanpabloberrezueta@gmailteniendo como referente las vulnerabilidades en las comunicaciones encriptadas se confirma la falencia en el código CVE-2014-6271 (CVE-2014- 6271, 2014) presentando

IstSec'14 - Onur ALANBEL - ShellShock

Networked Home Appliances and Vulnerabilities.  by Yukihisa Horibe

Database Vulnerabilities Go Unpatched

security vulnerabilities of dvb chipsets

EZPEČNOSTNÝ BULLETIN - SK-CERT · 2020-07-21 · RSA Products Multiple Vulnerabilities Vysoká 7.5 06. Multiple Vulnerabilities in Apache Solr, CXF and PDFBox Vysoká 7.5 07. ISC

Linuxday 2014 Amato - Shellshock

CAPACITIES AND VULNERABILITIES ANALYSIS FRAMEWORK (CVA)

BOLETIN 6271 DE REGISTROS DEL 07 NOVIEMBRE DE 2021

A9 - Using Components with Known Vulnerabilities

KI 6271-Struktur Padatan

File Inclusion vulnerabilities in PHP

Coping with inherent vulnerabilities and building

Learn About the Top Oracle E-Business Suite Security Vulnerabilities

Vulnerabilities in TN3270 based Application

SANT/FAS 2018 Conference Vulnerabilities C

Identifying Your Agency's Vulnerabilities

Shellshock 威脅案例

Uncovering SAP vulnerabilities - BruCON 2017files.brucon.org/2012/Uncovering_SAP_Vulnerabilities.pdf · Uncovering SAP vulnerabilities: Reversing and breaking ... PA G E 15 NI (Network

VULNERABILITIES, IMPACTS AND ADAPTATION PROGRAM: MARITIME …

Buffer overflow and other software vulnerabilities: theory and practice of protection

Memoria Geológica 6271-IV Villa Mella

VEX: Vetting browser extensions for security vulnerabilities

EZPEČNOSTNÝ BULLETIN 1 / 13 - SK-CERT · Nagios XI Multiple Vulnerabilities Vysoká 7.3 10. cURL Multiple Vulnerabilities Vysoká 7.3 11. Multiple Vulnerabilities in VMware Products

6. Vulnerabilities

Tutorial - Idaho National Laboratory · Higher severity vulnerabilities seem to have ... (greater risk) 24. ... that the rate at which foundational vulnerabilities are reported is

FIN 6271 TS Lecture 1

Ciso back to the future - network vulnerabilities

Survey and Analysis of ICS Vulnerabilities (Japanese)

Taxonomies of Attacks and Vulnerabilities in Computer Systems

Protecting Browsers from Extension Vulnerabilities

A First Step Towards Automated Detection of Buffer Overrun Vulnerabilities

Gestion des vulnérabilités dans le cas de Shellshock