The Bash Vulnerability: How to Protect your Environment


Crypto


A recently discovered hole in the security of the Bourne-Again Shell (bash) has the majority of Unix/Linux (including OS X) admins sweating bullets. You should be, too: attackers have already developed exploits to unleash on unpatched web servers, network services and daemons that use shell scripts with environment variables (this can include network equipment, industrial devices, etc.).

Jaime Blasco, AlienVault Labs Director, gives a good explanation of the exploit in this blog post. And, the video below gives you a quick overview of how AlienVault Unified Security Management (USM) can detect malicious traffic on your network trying to locate and exploit this vulnerability.


https://www.youtube.com/watch?v=vmNS2q4SVmw


Basically, this vulnerability allows an attacker to execute shell commands on a server due to an issue in how bash interprets environment variables (such as those populated from the "cookie", "host" and "referrer" HTTP headers). Exploiting it lets an attacker run shell commands directly, and once they can run shell commands, they own the server.
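Because the exploit string has to arrive inside a header value that ends up in the environment, the attempts described above leave a recognisable marker in whatever the web server logs. The following is an added example, not code from the AlienVault post or from the USM product: it scans constructed access-log lines in the Apache combined format for the exported-function prefix `() {` in the Referer, User-Agent and request fields, URL-decoding each value first so percent-encoded variants are not missed. The sample log lines, IP addresses and paths are all made up for this illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (Apache "combined" format: the last two
# quoted fields are Referer and User-Agent). Made up for this example.
SAMPLE_LOG = """\
192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.11 - - [25/Sep/2014:10:01:07 +0000] "GET /cgi-bin/status HTTP/1.1" 200 88 "-" "() { :; }; echo probe"
192.0.2.12 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 88 "() { :;}; echo probe" "curl/7.37.0"
192.0.2.13 - - [25/Sep/2014:10:01:15 +0000] "GET /cgi-bin/status HTTP/1.1" 200 88 "-" "%28%29%20%7B%20%3A%3B%7D%3B%20echo%20probe"
192.0.2.14 - - [25/Sep/2014:10:02:00 +0000] "GET /about HTTP/1.1" 200 1024 "-" "Wget/1.15 (linux-gnu)"
"""

# One combined-format line: client IP, ident, user, timestamp, request line,
# status, response size, Referer, User-Agent.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# A Shellshock attempt has to start the variable's value with a bash function
# definition, "() {", possibly with whitespace between the parens and brace.
SHELLSHOCK_RE = re.compile(r'\(\s*\)\s*\{')


def is_shellshock_probe(value: str) -> bool:
    """True if a header/request value carries the exported-function prefix."""
    # Decode percent-encoding first so "%28%29%20%7B" is seen as "() {".
    return bool(SHELLSHOCK_RE.search(unquote(value)))


def scan_log(text: str) -> list:
    """Return one record per suspicious line: source IP, flagged fields, request."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        fields = m.groupdict()
        flagged = [name for name in ("referer", "ua", "request")
                   if is_shellshock_probe(fields[name])]
        if flagged:
            hits.append({"ip": fields["ip"], "fields": flagged,
                         "request": fields["request"]})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']} probed via {','.join(hit['fields'])}: {hit['request']}")
```

Note the limits of log review: a default access log records Referer and User-Agent but not Cookie, Host or other headers that CGI also exports into the environment, so a probe carried in those headers is invisible here. That is why the post points at network-level detection as well; the same `() {` prefix is what a network signature looks for on the wire, where every header is visible.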

What can I do?

If you’re already sanitizing inputs across your web applications to protect against SQL injection and cross-site scripting, you’re on the right track. This will give you at least a basic defense.

While CGI is still around on most sites, it is usually restricted to little bits of code that have been around for years. These bits of code have probably not been updated, under the rule of thumb "If it ain't broke, don't fix it."

Well, guess what? It's broke. Fix it. It's time to find an alternative. But in the meantime, it's a good idea to disable any CGI that calls on the shell.

Some have recommended using something other than bash in your applications (Dash, Fish, Zsh, Csh, etc.), but be sure to put some thought and careful planning into that instead of a knee-jerk "rip and replace". Certain shells might work differently or even be missing some of the bash functionality that your applications rely on, rendering them inoperable.

The real fix is going to be patching bash itself, either from the developers of the distribution you use or (if you're savvy) from your own compiled code. Until then, the steps mentioned above are good first steps to defending yourself.

How can AlienVault help?

AlienVault Unified Security Management (USM) provides asset discovery, vulnerability assessment, threat detection (IDS), behavioral monitoring and SIEM in a single console, giving you everything you need to detect vulnerabilities like Bash, and attempted exploits.

With AlienVault USM you can:

  • Discover and inventory your network assets automatically
  • Scan for thousands of vulnerabilities, including Bash
  • Detect attacks and activity with known malicious hosts
  • Prioritize risks with correlated vulnerability and threat data
  • Benefit from threat intelligence updates developed by security experts at AlienVault Labs

Within 24 hours of the discovery of the Bash vulnerability, the AlienVault Labs team pushed updated network signatures and correlation directives to the USM platform, enabling users to detect the vulnerability in their environment and to detect attackers attempting to exploit it.
