Skip to content
September 26, 2014 / Jared DeMott

The Mysterious Life of Benjamin Bash

In a time of shaggy beards, thick glasses, and bell bottomed trousers, was Bourne[i] a way to command the beasty called Unix.  But as is always the way with humans, enough is never enough.  As such, a fancier champion Bashed[ii] onto the scene.  And for many years, Mr. Benjamin Bash served rich and poor alike, in the kitchens of Apache[iii] and countless other dens[iv].

Now as always, dragon slayers[v] comb our lands, searching for kingdom weaknesses.  And of course, our faithful Mr. Bash was never considered a fault.  But his obscure injection[vi] wouldn’t lie dormant forever.  Nay!  One brave warrior, Sir Chazelas[vii], discovered that when ye place an order with lovely CGI[viii] maids, one can also pass an environment[ix] note, which causes Mr. Bash to do unexpected things.  Indeed, in vulnerable establishments, Bash will do whatever ye ask[x].  Even hand over the keys to the castle!  Aye, it’s a sad affair, with grave consequences[xi].

But take heart laddie, and listen up.  We’ve vital information.  Examine the following attack:

bashsmah_pic_2

The smart student would note that for the agent of doom to achieve its nefarious function[xii], some key bits must transfer across our moat[xiii].  The evil parts of the message are the letters “() {“.  I say, our border guards[xiv] should be informed about the matter.  And better yet, we should hastily patch[xv] Mr. Bash to insure he acts properly, and ignores such outsider suggestions.  Sadly some of our smaller holds[xvi] may not receive the message for some time, if ever.

So, with this unsavory matter behind, the mysterious life of Mr. Bash goes on.  But the enemy forces are wily.  They’re schemin’ and plotting as always.  I say let’s do a thorough run down of our defenses, check the checkers, and make sure we’re ready when next our dastardly foo return.

 

Protip: Article best read aloud with a pint and a thick Irish or Scottish accent

[i] http://en.wikipedia.org/wiki/Bourne_shell

[ii] http://en.wikipedia.org/wiki/Bash_(Unix_shell)

[iii] http://en.wikipedia.org/wiki/Apache_HTTP_Server

[iv] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

[v] http://www.alienvault.com/blogs/security-essentials/the-life-of-a-security-researcher

[vi] http://en.wikipedia.org/wiki/Code_injection

[vii] https://lists.debian.org/debian-security-announce/2014/msg00220.html

[viii] http://en.wikipedia.org/wiki/Common_Gateway_Interface

[ix] http://en.wikipedia.org/wiki/Environment_variable

[x] http://shellshock.brandonpotter.com/

[xi] http://www.scmagazine.com/linux-and-os-x-flaw-may-have-greater-impact-than-heartbleed/article/373743/

[xii] http://unix.stackexchange.com/questions/157329/what-does-env-x-command-bash-do-and-why-is-it-insecure

[xiii] http://en.wikipedia.org/wiki/Trust_boundary

[xiv] https://www.owasp.org/index.php/Web_Application_Firewall

[xv] https://bugzilla.redhat.com/show_bug.cgi?id=1141597

[xvi] http://en.wikipedia.org/wiki/Internet_of_Things

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: