No, the attack does not require the attacker to have an account. They can make use of the account that is running the service that they attack through.
As an example, if you have a web server running - it would normally be run by a user. This could be "apache", "webserver" or if you are very unlucky "root".
The "shellshock" vulnerability will allow an attacker to leverage the privileges of the owner of a service to potentially gain access to some or all of a server or its data.
I have seen a large number of assaults on my estate; below are the typical things that you are seeing. So far I haven't had any serious problems; I had started patching before the first attack, so was lucky.
As you'll probably be able to see from the above, the attempts to gain access are coming from different IP addresses; I now have lists of several hundred. The most common seem to be trying to gain access to things like MySQL databases, firewall block lists and attempts to clear them, along with access to a host of standard setup utilities.
The /bin/ping could just as easily be a "wget" or "ftp" placing malicious code or a million other things designed to make a systems admin unhappy.
Regards
Dave
Last edited by gull04; 09-28-2014 at 08:16 PM..
Reason: More info.
Just to let you know, if you are running any internet-facing servers with the bash (shellshock) vulnerability still evident, you are risking a major intrusion. I am now seeing a spike in activity, complexity and frequency of the attempts on my web servers.
Here is a sample of what I'm seeing.
So if you're still unpatched - best get to it. The more advanced guys will be along very soon now.
There is still the script kiddie stuff as well, typically stuff like this.
But even that will improve, so better safe than sorry.
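As an added example (not part of the posts above and not taken from any tool mentioned in the thread): a small POSIX shell/awk filter that counts probes of this kind per source address in a web server access log, by looking for the `() {` prefix that unpatched bash treated as a function definition in an environment variable. The function names, the Apache "combined" log format and the constructed sample lines are assumptions.

```shell
#!/bin/sh
# Added example: summarise Shellshock probes found in an access log.
# Assumes Apache "combined" format: ip - - [date] "request" status size "referer" "user-agent"

# Constructed sample lines (documentation address ranges, commands elided).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [28/Sep/2014:10:01:02 +0100] "GET /cgi-bin/status HTTP/1.1" 404 210 "-" "() { :;}; [command elided]"
203.0.113.5 - - [28/Sep/2014:10:01:09 +0100] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.10 - - [28/Sep/2014:10:02:40 +0100] "GET /cgi-bin/test.cgi HTTP/1.0" 404 214 "-" "() { :;}; [command elided]"
198.51.100.7 - - [28/Sep/2014:10:05:13 +0100] "GET / HTTP/1.1" 200 5120 "() { :; }; [command elided]" "-"
EOF
}

# shellshock_hits: read log lines on stdin and print "count ip field",
# most active source first. "field" is where the marker was carried.
shellshock_hits() {
    awk -F'"' '
        {
            split($1, head, " ")             # head[1] is the client address
            where = ""
            if      (index($2, "() {")) where = "request"
            else if (index($4, "() {")) where = "referer"
            else if (index($6, "() {")) where = "user-agent"
            else if (index($0, "() {")) where = "other"   # escaped quotes shifted the fields
            if (where != "") hits[head[1] " " where]++
        }
        END { for (k in hits) print hits[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample; for real use, feed it the server's log on stdin.
sample_log | shellshock_hits
```

A hit only shows that a probe was sent; whether it could do anything depends on whether the request reached an unpatched bash, so the result is a list of sources to review rather than proof of compromise.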