Vulnerability

Bash is one of the most used shells on Unix based systems. The newly discovered “shellshock” vulnerability affects millions of systems.

The weakness abuses an internal check when Bash gets a variable declaration. By defining this variable and putting more “stuff” (commands) in it, Bash will actually execute those commands as well. Unfortunately this results in several possible ways to exploit it by attackers.

Websites

One way this vulnerability scan be exploited, is by embedding it in HTTP requests. The extra payload might be the value for a cookie. Some CGI scripts, which reference to Bash as their shell, then will be tricked in executing commands when parsing the value of the cookie. Needless to say, but from there anything is possible, from revealing the contents of files, to implementing a backdoor.

There are several open source vulnerability scanners for Linux, like OpenVAS. While tools like these are powerful as well, we will have a look at Lynis, our auditing tool to detect vulnerabilities of Linux and Unix systems. Why is it different than others and how can it help you in securing your systems?

Vulnerabilities

Every piece of software will have sooner or later a vulnerability, a minor or major weakness which can be abused by evildoers. Within information security we have the goal to protect the confidentiality, integrity and availability of systems and the related information (or data). One of the biggest threats to this goal are people, tools and actions which make “use” of a vulnerability. Sometimes by accident, but usually on purpose, like exploiting toolkits which search the internet for systems with a known vulnerability. Therefore it’s advised to focusing on discovering and reducing the amount of vulnerabilities as soon as possible, to prevent unauthorized people from gaining access to our systems.