Shellshock

Open forum for security issues and info.
Forum rules
Any posts concerning pirated software or offering to buy/sell/trade commercial software are subject to removal.
User avatar
pentium
Posts: 4728
Joined: Mon Aug 28, 2006 6:29 pm
Location: Kamloops, BC

Shellshock

Unread postby pentium » Thu Sep 25, 2014 8:56 am

Now that the word is out about this absolutely massive bash exploit, should any of us folks still running Irix machines on the net be at all concerned?

An article on it.
:Crimson: :Onyx: :O2000: :O200: :O200: :PI: :PI: :Indigo: :Indigo: :Indigo: :Octane: :O2: :1600SW: :Indigo2: :Indigo2: :Indigo2IMP: :Indigo2IMP: :Indy: :Indy: :Indy: :Cube:

Image <-------- A very happy forum member.

User avatar
duck
Donor
Donor
Posts: 733
Joined: Mon Oct 27, 2003 5:22 pm
Location: Jakobstad, Finland
Contact:

Re: Shellshock

Unread postby duck » Thu Sep 25, 2014 9:59 am

Only on two cases:

The specific: If you use a bash script for CGI
The general: If you've replaced /bin/sh with bash

I'll add that the exploit-tests I've seen in my logs are using ping to test if it works; ours is in /usr/etc and AIUI that's not in the default path so even if you're vulnerable it wouldn't trigger the scriptkiddies at least.
:Octane: halo, octane Image knightrider, d i g i t a l AlphaPC164, pond, soekris net6501, misc cool stuff in a rack
N.B.: I tend to talk out of my ass. Do not take it too seriously.

User avatar
ClassicHasClass
Donor
Donor
Posts: 2076
Joined: Wed Jul 25, 2012 7:12 pm
Location: Sunny So Cal
Contact:

Re: Shellshock

Unread postby ClassicHasClass » Thu Sep 25, 2014 1:58 pm

You're more cooked if you're on a system where /bin/sh == /bin/bash. OS X is such a system. I quickly built a standalone bash for 10.4+ PPC/Intel if you want one of those.

http://tenfourfox.blogspot.com/2014/09/ ... -bash.html

But I think IRIX is very low risk.
smit happens.

:Fuel: bigred, 900MHz R16K, 4GB RAM, V12 DCD, 6.5.30
:Indy: indy, 150MHz R4400SC, 256MB RAM, XL24, 6.5.10
:Indigo2IMP: purplehaze, 175MHz R10000, Solid IMPACT
probably posted from Image bruce, Quad 2.5GHz PowerPC 970MP, 16GB RAM, Mac OS X 10.4.11
plus IBM POWER6 p520 * Apple Network Server 500 * RDI PrecisionBook * BeBox * Solbourne S3000 * Commodore 128 * many more...

User avatar
VenomousPinecone
Posts: 2141
Joined: Mon Jun 20, 2005 2:10 pm
Location: Groom Lake, NV

Shellshock Bash bug?

Unread postby VenomousPinecone » Thu Sep 25, 2014 3:45 pm

Attachments
Screen Shot 2014-09-25 at 3.37.27 PM.png
Screen Shot 2014-09-25 at 3.37.27 PM.png (19.21 KiB) Viewed 1689 times

User avatar
josehill
Moderator
Moderator
Posts: 3304
Joined: Mon Jun 06, 2005 9:53 pm
Location: New England, USA
Contact:

Re: Shellshock

Unread postby josehill » Thu Sep 25, 2014 4:06 pm


User avatar
foetz
Moderator
Moderator
Posts: 6543
Joined: Mon Apr 14, 2003 4:34 am
Contact:

Re: Shellshock

Unread postby foetz » Thu Sep 25, 2014 4:34 pm

good thing i never liked bash :P

User avatar
ClassicHasClass
Donor
Donor
Posts: 2076
Joined: Wed Jul 25, 2012 7:12 pm
Location: Sunny So Cal
Contact:

Re: Shellshock

Unread postby ClassicHasClass » Thu Sep 25, 2014 5:59 pm

smit happens.

:Fuel: bigred, 900MHz R16K, 4GB RAM, V12 DCD, 6.5.30
:Indy: indy, 150MHz R4400SC, 256MB RAM, XL24, 6.5.10
:Indigo2IMP: purplehaze, 175MHz R10000, Solid IMPACT
probably posted from Image bruce, Quad 2.5GHz PowerPC 970MP, 16GB RAM, Mac OS X 10.4.11
plus IBM POWER6 p520 * Apple Network Server 500 * RDI PrecisionBook * BeBox * Solbourne S3000 * Commodore 128 * many more...

SAQ
Posts: 5871
Joined: Wed Jul 19, 2006 8:37 am
Location: Renton, WA

Re: Shellshock

Unread postby SAQ » Thu Sep 25, 2014 8:19 pm

Why'd they start replacing /bin/sh with BASH anyway? Sun went into depth as to why that was not a good idea (and better to have a static /bin/sh), and it's not like sh added too much bloat to the system.
"Brakes??? What Brakes???"

"I am O SH-- the Great and Powerful"

:Indigo: :Octane: :Indigo2: :Indigo2IMP: :Indy: :PI: :O3x0: :ChallengeL: :O2000R: (single-CM)

User avatar
hamei
Posts: 10433
Joined: Tue Feb 24, 2004 4:10 pm
Location: over the rainbow

Re: Shellshock

Unread postby hamei » Thu Sep 25, 2014 8:45 pm

SAQ wrote:Why'd they start replacing /bin/sh with BASH anyway?

Heathen ! get thee hence, thou Unbeliever !
I spent a fortune on booze, birds, and fast cars ... the rest I just squandered

User avatar
josehill
Moderator
Moderator
Posts: 3304
Joined: Mon Jun 06, 2005 9:53 pm
Location: New England, USA
Contact:

Re: Shellshock

Unread postby josehill » Thu Sep 25, 2014 8:58 pm

SAQ wrote:Why'd they start replacing /bin/sh with BASH anyway? Sun went into depth as to why that was not a good idea (and better to have a static /bin/sh), and it's not like sh added too much bloat to the system.

What are you, some sort of graybeard who knows things and stuff? ;)

User avatar
ClassicHasClass
Donor
Donor
Posts: 2076
Joined: Wed Jul 25, 2012 7:12 pm
Location: Sunny So Cal
Contact:

Re: Shellshock

Unread postby ClassicHasClass » Thu Sep 25, 2014 10:36 pm

Second patch seems to pass muster:

http://seclists.org/oss-sec/2014/q3/734

I updated the OS X universal bash already (10.4-10.9, PPC and x86).
http://tenfourfox.blogspot.com/2014/09/ ... dated.html
smit happens.

:Fuel: bigred, 900MHz R16K, 4GB RAM, V12 DCD, 6.5.30
:Indy: indy, 150MHz R4400SC, 256MB RAM, XL24, 6.5.10
:Indigo2IMP: purplehaze, 175MHz R10000, Solid IMPACT
probably posted from Image bruce, Quad 2.5GHz PowerPC 970MP, 16GB RAM, Mac OS X 10.4.11
plus IBM POWER6 p520 * Apple Network Server 500 * RDI PrecisionBook * BeBox * Solbourne S3000 * Commodore 128 * many more...

User avatar
josehill
Moderator
Moderator
Posts: 3304
Joined: Mon Jun 06, 2005 9:53 pm
Location: New England, USA
Contact:

Re: Shellshock

Unread postby josehill » Fri Sep 26, 2014 6:03 am

ClassicHasClass wrote:I updated the OS X universal bash already (10.4-10.9, PPC and x86).
http://tenfourfox.blogspot.com/2014/09/ ... dated.html

Thanks, CHC! I'll load it on some machines today!

robespierre
Posts: 1554
Joined: Mon Sep 12, 2011 2:28 pm
Location: Boston

Re: Shellshock

Unread postby robespierre » Fri Sep 26, 2014 6:03 am

Code: Select all

$ sudo -s
# chmod -x /bin/bash
# ln -f /bin/ksh /bin/sh


fuggeddaboutit....
:PI: :O2: :Indigo2IMP: :Indigo2IMP:

User avatar
duck
Donor
Donor
Posts: 733
Joined: Mon Oct 27, 2003 5:22 pm
Location: Jakobstad, Finland
Contact:

Re: Shellshock

Unread postby duck » Fri Sep 26, 2014 10:04 am

robespierre wrote:

Code: Select all

$ sudo -s
# chmod -x /bin/bash
# ln -f /bin/ksh /bin/sh


fuggeddaboutit....


On linux this will likely break things badly. Remember that these kids have been thinking that sh = bash since they first licked a beige box.
:Octane: halo, octane Image knightrider, d i g i t a l AlphaPC164, pond, soekris net6501, misc cool stuff in a rack
N.B.: I tend to talk out of my ass. Do not take it too seriously.

User avatar
VenomousPinecone
Posts: 2141
Joined: Mon Jun 20, 2005 2:10 pm
Location: Groom Lake, NV

Re: Shellshock

Unread postby VenomousPinecone » Fri Sep 26, 2014 11:11 am

duck wrote:[...]since they first licked a beige box.


Whaddya' mean? that's not what the floppy drive is for? All these years of my life spent in confusion.


Return to “SGI: Security”

Who is online

Users browsing this forum: No registered users and 2 guests