Sailfish OS bash shell is affected by the #shellshock bug
Pretty nasty this fella, here is more info and a test:
http://prng.net/shellshock/
I also filed a bug report @together, please vote: https://together.jolla.com/question/...hellshock-bug/ |
Re: Sailfish OS bash shell is affected by the #shellshock bug
fix will be included in upcoming sailfish update, you can be sure ;)
|
Re: Sailfish OS bash shell is affected by the #shellshock bug
So how exactly do you plan to exploit this vulnerability on Jolla?
What I would like to see is an upgrade to GPLv3 Bash4, instead of wasting more time on their bash3 fork. |
Re: Sailfish OS bash shell is affected by the #shellshock bug
@javispedro there should be some internals accepting environment variables.
|
Re: Sailfish OS bash shell is affected by the #shellshock bug
Quote:
Quote:
Virtually the only situations where this bug can cause trouble is everywhere where a blacklist/whitelist of environment variables is used to filter out such variables by name only. Because with this bug there are no "safe" env variable names. |
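The point in the post above, that filtering environment variables by name alone does not help, shown as an added example (not part of the thread and not Jolla's code). The function names and the sample environment are hypothetical; the crafted value is the test string quoted elsewhere in this thread, and the prefix check is deliberately a little broader than the literal `() {` that affected bash versions look for.

```python
import re

# Affected bash versions parse any imported environment value that begins
# with "() {" as a function definition, whatever the variable is called.
# This pattern also tolerates extra whitespace, so it errs on the strict side.
FUNC_PREFIX = re.compile(r"^\s*\(\)\s*\{")


def filter_by_name(env, allowed_names):
    """Name-only allowlist: keeps a variable if its NAME is approved."""
    return {k: v for k, v in env.items() if k in allowed_names}


def looks_like_function_definition(value):
    """True if the VALUE starts with the function-definition prefix."""
    return FUNC_PREFIX.match(value) is not None


def filter_by_value(env):
    """Drop every variable whose value carries the prefix; report the names."""
    clean, dropped = {}, []
    for name, value in env.items():
        if looks_like_function_definition(value):
            dropped.append(name)
        else:
            clean[name] = value
    return clean, sorted(dropped)


def sanitize(env, allowed_names):
    """Name allowlist first, then the value check the name filter lacks."""
    return filter_by_value(filter_by_name(env, allowed_names))


# Constructed sample: TERM is an approved name but carries a crafted value.
SAMPLE_ENV = {
    "PATH": "/usr/bin:/bin",
    "LANG": "en_US.UTF-8",
    "TERM": "() { :;}; echo vulnerable",
    "UNRELATED_VAR": "dropped by the name filter",
}
ALLOWED = {"PATH", "LANG", "TERM"}

if __name__ == "__main__":
    by_name = filter_by_name(SAMPLE_ENV, ALLOWED)
    print("after name filter:", sorted(by_name))   # TERM still present
    clean, dropped = sanitize(SAMPLE_ENV, ALLOWED)
    print("after value check:", sorted(clean), "dropped:", dropped)
```

A wrapper like this only narrows exposure for a process that hands an environment to bash; it does not replace installing the patched bash.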
Re: Sailfish OS bash shell is affected by the #shellshock bug
Well, you are probably right, but this is exploitable on several applications as well. There is a bit more here http://seclists.org/oss-sec/2014/q3/650.
So, applications that expose some of the functionality that is vulnerable (arbitrary environment variables) could be used to get at least shell code execution as current user. But, that being said, I agree, I don't consider this a huge threat to Jolla/SailfishOS |
Re: Sailfish OS bash shell is affected by the #shellshock bug
Quote:
*No, running sshd alone does not mean you're vulnerable. If on the other hand you were expecting that people ssh'ing would not be able to run arbitrary code you're in for a nasty surprise (e.g. stupid centralized Git servers, sftp-only servers -- shared hosting, etc.) |
Re: Sailfish OS bash shell is affected by the #shellshock bug
anyway, waiting for bash update in nieldk repo :)
|
Re: Sailfish OS bash shell is affected by the #shellshock bug
Quote:
1) Grab all of your address book contacts, 2) Send compromising SMSs to all of them (plus a few "premium service" SMSs to inflate your bills!), 3) Zip your documents folder and upload to some Chinese WWW server, 4) Then proceed to write randomly over your eMMC _permanently_ bricking the Jolla. #securityscare ;) The JollaStore RPM packages are somewhat safer, but only because they are manually/statically analyzed. Just an example of why I think "security scares" are bad. People tend to misplace their fears... |
Re: Sailfish OS bash shell is affected by the #shellshock bug
Quote:
http://www.volexity.com/blog/?p=19 |
Re: Sailfish OS bash shell is affected by the #shellshock bug
Not yet :D
|
Re: Sailfish OS bash shell is affected by the #shellshock bug
@javispedro #paranoiaeverywhere, lol
|
Re: Sailfish OS bash shell is affected by the #shellshock bug
Wrong subforum, but what about Maemo and Meego? These OSes are infected with this bug too, aren't they?
|
Re: Sailfish OS bash shell is affected by the #shellshock bug
Quote:
Edit: https://openrepos.net/content/nieldk/bash patchlevel 25, which fixes #shellshock
source (and binaries) https://build.merproject.org/package...elnielsen/bash |
Re: Sailfish OS bash shell is affected by the #shellshock bug
Quote:
Still better than running as root, but there is still a lot of sensitive content accessible to unprivileged accounts & full network access for all apps. |
Re: Sailfish OS bash shell is affected by the #shellshock bug
Just tested on my N900 (Bash4).
Code:
~ $ env x='() { :;}; echo vulnerable'
Quote:
(Source: http://xkcd.com/1200/) |
Re: Sailfish OS bash shell is affected by the #shellshock bug
Quote:
Probably more worrying for n900 is the apt-get vulnerability (do you apt-get upgrade vulnerable apt-get to get safe apt-get???), didn't see a thread about it: https://lists.debian.org/debian-secu.../msg00212.html https://lists.debian.org/debian-secu.../msg00216.html https://lists.debian.org/debian-secu.../msg00219.html |
Re: Sailfish OS bash shell is affected by the #shellshock bug
https://together.jolla.com/question/...#post-id-56855
This is the official answer, the thread was closed :) Oh, some gory details on the first 0day exploit malware (botnet it seems): http://www.kernelmode.info/forum/vie...&t=3505#p23987 |
Re: Sailfish OS bash shell is affected by the #shellshock bug
developing: http://seclists.org/oss-sec/2014/q3/712
|
Re: Sailfish OS bash shell is affected by the #shellshock bug
If someone is curious how shellshock could be used to attack a Sailfish device, this illustrates one attack vector: https://pbs.twimg.com/media/ByZZUzmIIAAuFaR.jpg:large
That is, a malicious DHCP server could attack by sending code in the options field. I haven't verified this with my Jolla, but in theory this could be bad. Think of public WIFI access points... |
Re: Sailfish OS bash shell is affected by the #shellshock bug
Quote:
Feel free to test that with my bash ;) http://talk.maemo.org/showpost.php?p...6&postcount=17 |
Re: Sailfish OS bash shell is affected by the #shellshock bug
Quote:
EDIT: Again, during "security crazes" please remember to keep your brain turned on. There's a shitton of people (e.g. stackoverflow) who are right now posting "instructions to solve the bash bug" which include absurd things such as replacing your distro's bash with some random online version. Without proper care, that's even more stupid than plainly doing nothing. This doesn't necessarily apply to nieldk's packages, which I think one can trust (hehe ;P), but please remember to be generally cautious about this. |
Re: Sailfish OS bash shell is affected by the #shellshock bug
Quote:
Quote:
Quote:
|
Re: Sailfish OS bash shell is affected by the #shellshock bug
Quote:
https://www.trustedsec.com/september...proof-concept/ |
Re: Sailfish OS bash shell is affected by the #shellshock bug
why do I keep thinking of Turtles in Time (for the SNES) when I read 'Shellshock'?
(when you died, it said 'shellshock'. good old times) |
Re: Sailfish OS bash shell is affected by the #shellshock bug
gdhcp is not setting any env variables, so it should not be vulnerable. But if you manage to find an exploit then feel free to send the steps to reproduce by email to security@jolla.com
|
Re: Sailfish OS bash shell is affected by the #shellshock bug
Quote:
[*] There's never enough time to do things properly, but always time to fix them later |