ITNE2002 Network and Security: Shellshock-The Bashdoor of Linux
Answer:
Introduction
As UNIX based systems are more robust and responsive than any other operating system, therefore most of the infrastructure of the organizations using this for network management, automation of the different processes and internal communication through intranet. The “bash”, which is utilized by the users to execute command lines and scripts is mainly affected by the Shellshock vulnerability (Mary 2015). This Bash (Bourne Again Shell) shell is susceptible to the remote code execution vulnerability due its processing of specially crafted environment variables.
Identification of Shellshock
On 24 September 2014, one of the open source software developers Stephane Chazelas found this vulnerability of the UNIX based systems. It is also found that, this vulnerability was in existence from the year 1993 and can affect the windows operating system and Mac OS X users too. Researchers stated that this vulnerability
is more vulnerable compared to the most recent found vulnerability “HeartBleed” (Delamore and Ko 2015). Even though the typical users do not access the BASH but system administrators do need them as it enables them to issue commands to manage the services.
The way of exploitation
In Linux, the environment variables give an approach to impact the behavior of the software used on a system (Mary 2015). It is frequently utilized to give a shell to a remote client/users through the telnet, Ssh), a parser to decrypt the CGI scripts used in Apache or others or even give restricted command execution support to the users.
In addition to that, as the users are able create and add variables and assign, values to that the variables even before the bash shell is called. This kind of users created variables contains code that is executed by the shell at the time the Bourne shell is invoked.
This vulnerability is considered as a major problem for the UNIX like operating system environments as this vulnerability does not ask need for specialized technical knowledge of the attacker or the intruder but provides a very simple way of acquiring control of a targeted computer or network and force it to run any type of code.
In the event of exploiting a system using the Shellshock vulnerability, the attacker need to inject some environmental variables into Bash of the targeted system so that they can spawn shells on it to execute commands on it. This technical process is actually much easier than it sound, because in most of the cases it is found that some configurations of the web servers will do this for the attackers to exploit the vulnerability. Whenever a user is browsing web and request some web page from any server, they send various types of data, like a “bit” of text that helps in the identification of the browser of the user and cookies that are just strings in which the user can put anything (Delamore and Ko 2015). If it is found that, the website uses computer generated images (CGI) in order to create the requested page then it passes this type off data to some environmental variable in the Bourne shell. Thus if some code is utilized in order to generate requested web page is able to spawns a shell then the attacker uses this provided data to launch the attack on the server.
According to different researches it is found that the GNU Bash processes trailing strings or texts after function definitions that are provide in the environment variables (Mary 2015). This mechanism allows attackers to have privilege so that they can execute arbitrary malicious code using crafted environment variables (Pretorius and van Niekerk 2015). This can be done by vectors involving the Force Command feature in OpenSSH sshd, the mod_cgid and mod_cgi modules in the Apache Server. The command scripts executed by undetermined or unspecified DHCP clients in the network.
Potential impact on the users
Once any attacker exploits the Shellshock vulnerability of the system of any user then they can do almost anything with the system they want to perform. This includes deletion of files, change in the firmware, configurations etc. Different demos and Kits are available and easily accessible over the internet to exploit this Bashdoor. In addition to that if the vulnerable devices uses HTTP for data transmission, then a simple command enables the attackers to run any malicious code on the selected remote device of the user (Delamore and Ko 2015). The structure of the code is same as given format,
Curl -v -A '() {:;}; <some malicious code> <The IP of the device>
Some of the malicious codes that can be used by the attackers includes the following:
Scan for the vulnerable servers or devices in a network
In this scenario a single line of code will force the targeted server or system to ping to the attacker’s system along with a unique hash value such as “sdasdasd321d34d” (Mary 2015). After this every device that responds to the attackers ping with the same hash value becomes vulnerable. Example of such code is, Ping –c 1 –p sdasdasd321d34d.
Denial of Service attacks
The given code below will help the attacker to make the device wait for 40 seconds and thus consequently slow down the operation of the device (Pretorius and van Niekerk 2015). A full-fledged DOS attack would also requires additional operations that are similar to the previous one:
/bin/sleep 40| /sbin /sleep 40|/usr/bin/sleep 40
Acquiring full control over the device
In order to execute the ultimate threat for the client systems, attackers uses different commands to download and have remote access to the users system.
Examples of exploitation
After the discovery of the vulnerability, the area of impact of it is still being investigated by the experts; it is presumed that different Internet-accessible device and systems, like e-mail servers, web servers, DNS servers that uses the BASH in order to connect to concerned operating system, could be severely affected by the attacks exploiting this specific vulnerability. Even though BASH is found mainly on Unix-based operating systems, but infrastructures currently using Windows operating system based devices may still be vulnerable (Delamore and Ko 2015). The reason behind this can be stated the windows based systems are leveraging from the applications that are vulnerable due to its exploitations. The BASH of the UNIX based systems are also found on embedded systems and different “Internet-of-things” devices.
This vulnerability of bash allows malicious users/attackers to remotely execute different scripts according to their choice by transmitting malicious commands/scripts to the connected system (Mary 2015). Execution of this kind of malicious code allows the attackers to launch and run executables of software on the target system, create connections to another selected system, or malware.
Conclusion
The Shellshock vulnerabilities helps the users to use Bash of a system to forcefully execute different malicious codes/commands passed with the shell command. This exploitation of the vulnerability includes writing and reading of data, modifications of access rights by the attacker and other basic operations that an administrator can do with the system. Attackers could also utilize this BASH vulnerability to get sensitive data from the compromised system, like authentication data for any user, credit card or other financial details or other sensitive information that are stored on the device or exploited system.
References
Castro Lechtaler, A., Liporace, J.C., Cipriano, M., García, E., Maiorano, A., Malvacio, E. and Tapia, N., 2015. Automated Analysis of Source Code Patches using Machine Learning Algorithms. In XXI Congreso Argentino de Ciencias de la Computación (Junín, 2015).
Craigen, D., 2014. Assessing Scientific Contributions: A Proposed Framework and Its Application to Cybersecurity. Technology Innovation Management Review, 4(11).
Delamore, B. and Ko, R.K., 2015, August. A global, empirical analysis of the shellshock vulnerability in web applications. In Trustcom/BigDataSE/ISPA, 2015 IEEE (Vol. 1, pp. 1129-1135). IEEE.
Hofbauer, S., Beckers, K. and Quirchmayr, G., 2015. Defense Methods against VoIP and Video Hacking Attacks in Enterprise Networks.
Mallett, A., 2015. Mastering Linux Shell Scripting. Packt Publishing Ltd.
Mary, A., 2015. Shellshock Attack on Linux Systems-Bash. International Research Journal of Engineering and Technology, 2(8), pp.1322-1325.
Pretorius, B. and van Niekerk, B., 2015, January. Cyber-Security and Governance for ICS/SCADA in South Africa. In Iccws 2015-The Proceedings of the 10th International Conference on Cyber Warfare and Security: ICCWS2015 (p. 241). Academic Conferences Limited.
Sahel, S., 2015. Circumventing Insider Trading Laws by Cyberhacking: A Look into the Vulnerability of Cybersecurity Breaches in Regard to Insider Trading. J. Int'l Bus. & L., 15, p.239.
Stasinopoulos, A., Ntantogian, C. and Xenakis, C., 2015. Commix: Detecting and exploiting command injection flaws. Department of Digital Systems, University of Piraeus, BlackHat Europe, Nov, pp.10-13.
Whitelaw, C., 2015. Precise Detection of Injection Attacks on Concrete Systems.
Buy ITNE2002 Network and Security: Shellshock-The Bashdoor of Linux Answers Online
Talk to our expert to get the help with ITNE2002 Network and Security: Shellshock-The Bashdoor of Linux Answers to complete your assessment on time and boost your grades now
The main aim/motive of the management assignment help services is to get connect with a greater number of students, and effectively help, and support them in getting completing their assignments the students also get find this a wonderful opportunity where they could effectively learn more about their topics, as the experts also have the best team members with them in which all the members effectively support each other to get complete their diploma assignments. They complete the assessments of the students in an appropriate manner and deliver them back to the students before the due date of the assignment so that the students could timely submit this, and can score higher marks. The experts of the assignment help services at urgenthomework.com are so much skilled, capable, talented, and experienced in their field of programming homework help writing assignments, so, for this, they can effectively write the best economics assignment help services.