|
Shellshock, also known as Bashdoor, is a family of security bugs〔Although described in some sources as a "virus," Shellshock is instead a coding mistake in a program that comes with some operating systems. See => 〕 in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system. Stéphane Chazelas contacted Bash's maintainer, Chet Ramey, on 12 September 2014〔 telling Ramey about his discovery of the original bug, which he called "Bashdoor". Working together with security experts, he soon had a patch as well.〔 The bug was assigned the CVE identifier CVE-2014-6271. It was announced to the public on when Bash updates with the fix were ready for distribution. The first bug causes Bash to unintentionally execute commands when the commands are concatenated to the end of function definitions stored in the values of environment variables.〔 Within days of the publication of this, intense scrutiny of the underlying design flaws discovered a variety of related vulnerabilities, (CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187); which Ramey addressed with a series of further patches.〔〔 Attackers exploited Shellshock within hours of the initial disclosure by creating botnets of compromised computers to perform distributed denial-of-service attacks and vulnerability scanning.〔〔 Security companies recorded millions of attacks and probes related to the bug in the days following the disclosure.〔〔 Shellshock could potentially compromise millions of unpatched servers and other systems. Accordingly, it has been compared to the Heartbleed bug in its severity.〔 Apple Inc. commented that OS X systems are safe by default, unless users configure advanced UNIX services. Such advanced users are typically capable of turning the services off until an official OS X patch is available, or they may use Xcode to replace system-provided Bash with a custom-compiled version that incorporates unofficial patches. Although notified of the vulnerability before it was made public, the company did not release a corresponding OS X update until 29 September 2014, at which time the OS X bash Update 1.0 was released. ==Background== The Shellshock vulnerabilities affect Bash, a program that various Unix-based systems use to execute command lines and command scripts. It is often installed as the system's default command-line interface. Bash is free software, developed collaboratively and overseen since 1992 on a volunteer basis by Chet Ramey, a professional software architect.〔 Analysis of the source code history of Bash shows the vulnerabilities had existed since version 1.03 of Bash released in September 1989, introduced by Bash's original author Brian Fox. In Unix-based operating systems, and in other operating systems that Bash supports, each running program has its own list of name/value pairs called environment variables. When one program starts another program, it provides an initial list of environment variables for the new program.〔(【引用サイトリンク】title= Open Group Base Specification: exec )〕 Separately from these, Bash also maintains an internal list of ''functions'', which are named scripts that can be executed from within the program.〔(【引用サイトリンク】title= Bash Reference Manual: Shell Functions )〕 Since Bash operates both as a command interpreter and as a command, it is possible to execute Bash from within itself. When this happens, the original instance can ''export'' environment variables and function definitions into the new instance.〔(【引用サイトリンク】title=Bash Reference Manual: Bourne Shell Builtins )〕 Function definitions are exported by encoding them within the environment variable list as variables whose values begin with parentheses ("()") followed by a function definition. The new instance of Bash, upon starting, scans its environment variable list for values in this format and converts them back into internal functions. It performs this conversion by creating a fragment of code from the value and executing it, thereby creating the function "on-the-fly", but affected versions do not verify that the fragment is a valid function definition.〔(【引用サイトリンク】title=Bash 4.3 source code, file variables.c, lines 315-388 )〕 Therefore, given the opportunity to execute Bash with a chosen value in its environment variable list, an attacker can execute arbitrary commands or exploit other bugs that may exist in Bash's command interpreter. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Shellshock (software bug)」の詳細全文を読む スポンサード リンク
|