Thursday, September 25, 2014

What is the Shellshock Bash vulnerability and how does it affect you?

You must have heard about a new bug found in the Bash shell. Are you wondering what it is?
Bash stands for Bourne-Again SHell. It's a computer program that allows users to type commands and execute them on Mac OS X and Linux systems. Bash has been around since the 80s and is used by system administrators and computer programmers. It can be accessed remotely to configure, repair and diagnose servers without physically being there, so Bash is used on most servers.


So how does this bug work...
Open the Terminal and run this line of code in your Linux Machine:
env x='() { :;}; echo Vulnerable' bash -c 'echo Update ur PC'
The "env" command sets an environment variable and then executes a command in that environment. Here it sets the variable 'x' and then starts a second Bash that runs "echo Update ur PC". The value of 'x' would only be printed if the second echo referenced it as $x, and it does not, so the "echo Vulnerable" part of the value should naturally be ignored. But if you are vulnerable to the Shellshock Bash vulnerability, the malicious string '() { :;}; echo Vulnerable' takes advantage of the bug, and the command it carries (echo Vulnerable) is run automatically. A vulnerable system prints "Vulnerable" before "Update ur PC"; a fixed system prints only "Update ur PC".
In a real attack, the echo will be replaced with malicious code that remotely uses your system to run spyware, spy on you, take your passwords and much more...
To solve this problem, update your PC. 
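To confirm the update took effect on every copy of Bash on a machine, the one-line test above can be scripted. This is an added example, not part of the original post; the marker string, the function names and the script name in the usage comment are made up for illustration.

```shell
#!/bin/sh
# Added example: scripted version of the one-line Shellshock test.
# MARKER and the function names are constructed for this example.
MARKER="SHELLSHOCK_PROBE_RAN"

# Decide what the probe output means. The marker can only appear if the
# shell executed the text that follows the "() { :;};" part of the variable.
classify_probe_output() {
    case $1 in
        *"$MARKER"*)      echo "vulnerable" ;;
        *probe-finished*) echo "not-vulnerable" ;;
        *)                echo "error" ;;
    esac
}

# Run the probe against one shell binary and print the verdict.
check_bash() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "error"
        return 0
    fi
    # Same shape as the one-liner: the variable is never referenced by the
    # command passed to -c, so a fixed shell prints only "probe-finished".
    out=$(env x="() { :;}; echo $MARKER" "$shell_path" -c 'echo probe-finished' 2>/dev/null) || true
    classify_probe_output "$out"
}

# Usage: sh shellshock-check.sh /bin/bash /usr/local/bin/bash
if [ $# -gt 0 ]; then
    status=0
    for candidate in "$@"; do
        verdict=$(check_bash "$candidate")
        printf '%s: %s\n' "$candidate" "$verdict"
        [ "$verdict" = "not-vulnerable" ] || status=1
    done
    exit $status
fi
```

The script exits non-zero if any listed shell is vulnerable or could not be tested, so it can be dropped into a patch-verification job.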