Hackers Using 'Shellshock' Bash Vulnerability to Launch Botnet Attacks

Author: Unknown | Date: 9/30/2014


Researchers on Thursday discovered a critical, remotely exploitable vulnerability in the widely used command-line shell GNU Bourne Again Shell (Bash). Dubbed "Shellshock", it affects most Linux distributions and servers worldwide, and may already have been exploited in the wild to take over Web servers as part of a botnet that is currently trying to infect other servers as well.

BOTNET ATTACK IN THE WILD

The bot was discovered by a security researcher with the Twitter handle @yinettesys, who reported it on GitHub and said it appeared to be remotely controlled by miscreants, which indicates that the vulnerability is already being used maliciously.

The vulnerability (CVE-2014-6271), which came to light on Wednesday, affects versions 1.14 through 4.3 of GNU Bash and could become a dangerous threat to Linux/Unix and Apple users if the Bash patches are not applied to their operating systems.

Patches for the vulnerability were released, but there was some concern that the initial fix still left Bash vulnerable to attack, according to a new US CERT National Vulnerability Database entry. There is as yet no official patch that completely addresses both vulnerabilities, including the second, which allows an attacker to overwrite files on the targeted system.

SHELLSHOCK vs THE INTERNET

Robert Graham of Errata Security observed that cyber criminals are already using large-scale Internet scanning to locate vulnerable servers to attack. During a scan, Graham found about 3,000 servers that were vulnerable "just on port 80", the port used for normal Web Hypertext Transfer Protocol (HTTP) requests.

The Internet scan broke after a short while, which means that there could be a large number of other servers vulnerable to the attack.

"It's things like CGI scripts that are vulnerable, deep within a website (like CPanel's /cgi-sys/defaultwebpage.cgi)," Graham wrote in a blog post. "Getting just the root page is the thing least likely to be vulnerable. Spidering the site and testing well-known CGI scripts (like the CPanel one) would give a lot more results—at least 10x."

In addition, Graham said, "this thing is clearly wormable and can easily worm past firewalls and infect lots of systems. One key question is whether Mac OS X and iPhone DHCP service is vulnerable—once the worm gets behind a firewall and runs a hostile DHCP server, that would be 'game over' for large networks."
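
As an added example (not code from the original article or from any researcher it quotes), the following Python sketch shows how a defender could look for this kind of scan traffic in web server access logs. It assumes combined log format and relies on the fact that vulnerable Bash recognizes an imported function by an environment value beginning with `() {`; the sample lines, the `find_probes` name and the CGI-first triage rule are constructed for illustration.

```python
import re

# Apache/nginx "combined" format; quoted fields may hold backslash-escaped quotes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)
# Vulnerable Bash treats an environment value beginning with these four
# characters as a function definition to import.
FUNC_MARKER = "() {"

# Constructed sample lines (documentation IP ranges, payloads elided).
SAMPLE_LOG = [
    r'192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    r'198.51.100.7 - - [25/Sep/2014:10:01:05 +0000] "GET / HTTP/1.0" 200 512 "-" "() { :; }; <payload elided>"',
    r'203.0.113.9 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-sys/defaultwebpage.cgi HTTP/1.0" 200 90 "() { :; }; <payload elided>" "-"',
    r'192.0.2.10 - - [25/Sep/2014:10:01:10 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 64 "-" "Mozilla/5.0"',
    r'203.0.113.9 - - [25/Sep/2014:10:01:11 +0000] "GET /cgi-bin/missing.cgi HTTP/1.0" 404 0 "-" "() { :; }; <payload elided>"',
]

def find_probes(lines):
    """Return one record per request whose logged fields carry the marker."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # not combined format; skip rather than guess
        ip, request, status, referer, agent = m.groups()
        fields = {"request": request, "referer": referer, "user-agent": agent}
        tainted = [name for name, value in fields.items() if FUNC_MARKER in value]
        if not tainted:
            continue
        parts = request.split(" ")
        path = parts[1] if len(parts) > 1 else ""
        # Triage assumption: CGI handlers export request headers into the
        # environment, so a probe that reached one without an error comes first.
        is_cgi = "/cgi-" in path or path.split("?")[0].endswith(".cgi")
        priority = "high" if is_cgi and int(status) < 400 else "low"
        hits.append({"line": lineno, "ip": ip, "path": path,
                     "fields": tainted, "priority": priority})
    return sorted(hits, key=lambda h: h["priority"] != "high")
```

A "high" hit only means the probe reached a CGI path that answered without an error; whether the host was actually affected depends on the installed Bash version and still needs to be checked on the server.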

32 ORACLE PRODUCTS VULNERABLE

Oracle has also confirmed that over 32 of its products are affected by the "Shellshock" vulnerability, including some of the company's expensive integrated hardware systems. In a security alert regarding the Bash bug issued on Friday, the company warned its users to wait a bit longer for the complete patch.

"Oracle is still investigating this issue and will provide fixes for affected products as soon as they have been fully tested and determined to provide effective mitigation against the vulnerability," the company said.

PATCH ISSUED, BUT INCOMPLETE

Most Linux distributions have released patches, but Red Hat has updated an advisory to warn that the patch is incomplete, an issue that was also raised by the infosec community on Twitter.

"Red Hat has become aware that the patches shipped for this issue are incomplete," said Red Hat security engineer Huzaifa Sidhpurwala. "An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. The new issue has been assigned CVE-2014-7169."

Although people are urged to apply the released patch to thwart most attacks on the affected systems, another patch is expected to be released as soon as possible.
