Shellshock

The current bash exploit has been expanded, both to bypass new patches and abuse new services. As an example, some FTP servers under the right circumstances may be affected by this.
As for Perl, many scripts rely on the functions/variables “exec” “system” or “%ENV” and these are touchpoints with the system shell.
It is also possible to bypass IPS/IDS systems by obfuscating the attack code. 

So far, these are the most frequent targeted applications:
cPanel: 23%
Old Apache servers: 15%
Barracuda hardware: 15%

 

7 new and older exploits targeting bash:

 

How to test your own server:

 

Sources:
http://blog.cloudflare.com/inside-shellshock/
http://perltricks.com/article/115/2014/9/26/Shellshock-and-Perl
https://shellshocker.net/
http://www.futuresouth.us/wordpress/?p=5
http://www.alertlogic.com/blog/idsips-signature-bypassing-snort/
http://resources.infosecinstitute.com/shellshock-cve-2014-6271-another-attack-vector-bluffing-ipsids-sensors-python-crafted-pkts/
https://github.com/francisck/shellshock-cgi/blob/master/shellshock_cgi.py

Leave a Reply

Your email address will not be published. Required fields are marked *