About the Shellshock bash bug

I "accidentally" came across the [shellshock bash bug](What is the Shellshock Bash bug and why does it matter?)

I didn't fully understand it, but it sounded serious, so I followed the instructions:

$ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'

If you see the word “vulnerable” as an answer, your system is, well… vulnerable.

I got hit...

I immediately ran update + upgrade, then went back to see what was actually going on:

Your Bash shell is simply running more code after a function (the “() { :;};” part), and that shouldn’t be happening. The function is the “allowed” code, while everything after it is where the potentially “malicious” code could be installed.

This gives me a strong sense of déjà vu with SQL injection.
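
The one-line test above, wrapped as a reusable check (an added example, not part of the original post or the quoted article): it runs the same harmless probe against each bash binary on a host and reports whether the text after the function body was executed. The function names, the marker string and the candidate paths are assumptions chosen for illustration.

```shell
# Added example. MARKER, the function names and the candidate paths below are
# illustrative assumptions, not taken from the original post.
MARKER="shellshock-probe-marker"

# Turn the captured output of one probe run into a verdict.
classify_probe() {
    case "$1" in
        *"$MARKER"*) echo "vulnerable" ;;      # text after the function body was executed
        *probe-ok*)  echo "not-vulnerable" ;;  # only the requested command ran
        *)           echo "inconclusive" ;;    # the shell did not run the command at all
    esac
}

# Run the page's test against one shell binary ($1) and print the verdict.
probe_shell() {
    if [ ! -f "$1" ] || [ ! -x "$1" ]; then
        echo "not-found"
        return 0
    fi
    # Same shape as the one-liner above: a function definition followed by an
    # extra command, passed in through the environment. The extra command is
    # only a harmless echo of the marker.
    probe_out=$(env x="() { :;}; echo $MARKER" "$1" -c 'echo probe-ok' 2>/dev/null) || true
    classify_probe "$probe_out"
}

# A host can carry several bash builds; check each one, not just the first in PATH.
scan_bash_binaries() {
    for candidate in /bin/bash /usr/bin/bash /usr/local/bin/bash /opt/homebrew/bin/bash; do
        [ -e "$candidate" ] && printf '%s\t%s\n' "$candidate" "$(probe_shell "$candidate")"
    done
    return 0
}

scan_bash_binaries
```

Run it again after update + upgrade: every listed binary should then report `not-vulnerable`.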

## WHAT CAN AN ATTACKER DO?

The remote execution (over the internet or a network) of extra code could let an attacker load malware on a system and steal private information, delete files, activate your camera, open a lock and, well, do pretty much anything with a little know-how. However, as we mentioned, this is not something that should matter much on a user’s computer with a working firewall, because it hasn’t been proven possible to take advantage of the bug under that scenario.

A server, well, that’s a completely different story, because a server has to listen to requests in order to “serve” (pun intended) its purpose. This means that by requesting almost any data and running malicious code, an attacker can infect any affected server, which is about 60 percent of web servers out on the internet, most routers (even your home router) and many consumer devices (including security cameras and “smart” appliances – which don’t seem so smart right about now). This is because smart appliances are a form of servers.

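Basically, personal computers (which generally come with a firewall) are not affected, but servers are another story; as long as you can get a remote shell on one (many VPSes support that, I think), or the server itself uses bash to interpret scripts/services, malware can be loaded easily, and then it's the script kiddies' time to shine...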

The bottom line is: this is a serious bug, but patches are available and should be installed promptly. But, there’s no doubt we’ll be hearing plenty more about Shellshock and the problems it can cause in the coming days and weeks – especially since it’s gone unnoticed for around 25 years. There’s a lot of holes out there to patch.

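With this bug that stayed hidden for 25 years, Windows has finally got something to hold over it.

To sum up in one sentence: security is an eternal topic.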