PerlMonks  

Re^2: The importance of avoiding the shell

by ikegami (Patriarch)
on Sep 29, 2014 at 06:44 UTC [id://1102320]


in reply to Re: The importance of avoiding the shell
in thread The importance of avoiding the shell

I think ssh can specify the value for TERM, making ssh an attack vector if you can get it to execute sh/bash (directly or indirectly).

But the new vulnerability is worse because it can be *any* env var, and CGI will gladly populate env vars with values of the attacker's choice for him. Any CGI script that executes bash is a dead easy attack vector. Attackers have been scanning for a CPanel script that shells out.

Re^3: The importance of avoiding the shell
by shmem (Chancellor) on Sep 30, 2014 at 08:18 UTC
    I think ssh can specify the value for TERM, making ssh an attack vector if you can get it to execute sh/bash.

    Right; simple test:

    qwurx [shmem] ~ > env TERM='() { :;}; echo vulnerable' ssh localhost
    ...
    Last login: Tue Sep 30 10:14:54 2014 from localhost
    vulnerable
    qwurx [shmem] ~ >
    perl -le'print map{pack c,($-++?1:13)+ord}split//,ESEL'
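The two defensive points raised in this thread (bash parses any inherited environment variable, and CGI hands attacker-chosen values to the environment) are shown together below in an added Perl example that is not code from either post: the child gets only an allowlisted environment, and it is started with list-form system so no /bin/sh (which may itself be bash) is ever involved. The helper names and the sample CGI environment are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the thread): spawn a child from CGI code without
# starting a shell, and strip request-derived environment variables first so
# a value shaped like an exported bash function never reaches a bash process.
use strict;
use warnings;

# Build the only environment a child may inherit: an explicit allowlist.
# HTTP_* (request headers), QUERY_STRING etc. are never copied, so an
# attacker-supplied header value cannot be parsed by bash at startup.
sub child_env {
    my ($env) = @_;
    my %clean;
    for my $key (qw(PATH LANG HOME)) {
        next unless defined $env->{$key};
        # Belt and braces: drop even an allowlisted value that starts with the
        # function-definition prefix shown in the test above.
        next if $env->{$key} =~ /^\s*\(\)\s*\{/;
        $clean{$key} = $env->{$key};
    }
    return \%clean;
}

# Run a program with an argument list. The indirect-object form of system()
# execs $argv[0] directly: no /bin/sh is started, so a bash /bin/sh is never
# given the (already scrubbed) environment, and no word splitting or globbing
# is applied to user-derived arguments. Returns the child's exit code.
sub run_without_shell {
    my ($env, @argv) = @_;
    local %ENV = %{ child_env($env) };   # child inherits only the scrubbed set
    my $status = system { $argv[0] } @argv;
    return -1 if $status == -1;          # exec itself failed (e.g. no such file)
    return $status >> 8;
}

# Constructed sample of what a CGI server hands the script in %ENV.
my %fake_cgi_env = (
    PATH            => '/usr/bin:/bin',
    HTTP_USER_AGENT => '() { :;}; echo vulnerable',   # attacker-chosen header
    QUERY_STRING    => 'file=report.txt',
);

my $exit = run_without_shell(\%fake_cgi_env, '/bin/echo', 'scrubbed env, no shell');
print "child exit status: $exit\n";
```

Running it prints the echo line and exit status 0; the HTTP_USER_AGENT value is never exported to the child, and no shell is started to parse it.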
