Webcast Briefing: Bash Code Injection Vulnerability

Published: 2014-09-25
Last Updated: 2014-09-25 22:13:41 UTC
by Johannes Ullrich (Version: 1)
7 comment(s)

I created a quick Youtube video to summarize the impact of the vulnerability. The tricky part is that there is a huge vulnerable population out there, but the impact is limited as in most cases, the vulnerability is not exposed.

Feel free to share the video or the slides. I am making PPT and PDF versions available below

PDF Version of Slides
PPT Version of Slides (coming soon. not uploaded yet)

Johannes B. Ullrich, Ph.D.

7 comment(s)


Possible error in presentation:

In presentation it says "Not an issue for clients. It is a server problem" which is not technically correct. From everything I have seen DHCP client and dhclient is a client problem for this vulnerability.
Can you provide the link to the video?
added video link. Sorry for missing that earlier.

As for the client vs. server: yes, in the DHCP scenario, it is a client problem. But this scenario is less likely to be exploited.
Well, I'd mention that although this is not meant for clients, the side-effect on this would be to attack through a legit site for whatever reason, say serving adware/malware/APT campaigns... So the end of this may have a much deeper impact on clients thinking they're doing "safe" browsing. Nasty vuln in the end... Thx for the video, great stuff
your slide are missing one critical point:
it is not just CGI though bash, the vuln hits any CGI that calls system() opne() or popen(). i can confirm that python and perl are vulnerable to this and found as couple of gitweb-server that might be exploited.

a sidenote: /bin/sh has to be a symlink to /bin/bash for this to happen, and fortunately debian is safe, while redhat/sles are vulnerable.


I suspect that windows clients with Cygwin may end up a being an end user issue. http://cygwin.com/packages/
I'm wondering also about MAMP for Windows, http://www.mamp.info/en/mamp_windows.html. Btw MAMP for MAC OS is Vulnerable.

Diary Archives