Rich Freeman on 26 Sep 2014 08:44:53 -0700
Re: [PLUG] 'Shellshock' Bug Spells Trouble for Web Security
On Fri, Sep 26, 2014 at 11:09 AM, Fred Stluka <fred@bristle.com> wrote:
>
> But only if they try to access a malicious DHCP server to get
> assigned an IP address, right? My web server should never
> be able to be tricked into trying to use a remote DHCP server.
> It would have to be that the local DHCP server it already uses
> has gotten infected, right?
>

DHCP clients don't choose servers. They send a broadcast and accept whatever replies they get. Of course, only a host on the local subnet can respond to a broadcast. So, if somebody can get onto the same subnet as your webserver, and its DHCP client is vulnerable (implementation-specific), then it could potentially be compromised.

Again, it is more of a risk for things like laptops that frequent foreign networks.

I suspect systemd-networkd is immune since it tends to avoid using bash for anything, but I am not certain on that. They were just bragging about how their DHCP process executes in milliseconds, and I can't imagine that they're using dhclient/etc to accomplish that.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
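
Whether a DHCP client is exposed depends on whether it hands lease data to a script that bash interprets. The following is an added example, not part of the original message: it reports whether a given hook script (for ISC dhclient, typically `dhclient-script`) runs under bash, including the case where `/bin/sh` is a symlink to bash. The function names are illustrative and `readlink -f` is assumed to be available.

```shell
#!/bin/sh
# Added example: decide whether a DHCP client hook script is interpreted by bash.
# Usage: sh check-hook.sh /sbin/dhclient-script [more scripts...]

# Print the interpreter named on the shebang line of $1; fail if there is none.
shebang_interp() {
    first=$(head -n 1 "$1" 2>/dev/null) || return 1
    case $first in
        '#!'*) ;;
        *) return 1 ;;
    esac
    # Drop the two-character "#!" and split the rest into words.
    set -- ${first#??}
    [ $# -gt 0 ] || return 1
    interp=$1
    # "#!/usr/bin/env bash": the real interpreter is the next word.
    if [ "${interp##*/}" = env ] && [ $# -ge 2 ]; then
        interp=$2
    fi
    printf '%s\n' "$interp"
}

# Succeed only if the script's interpreter resolves to a binary named bash.
runs_under_bash() {
    interp=$(shebang_interp "$1") || return 1
    case $interp in
        */*) target=$interp ;;
        *)   target=$(command -v "$interp") || return 1 ;;
    esac
    # Follow symlinks, so that /bin/sh -> bash is detected.
    resolved=$(readlink -f "$target" 2>/dev/null) || resolved=$target
    [ "${resolved##*/}" = bash ]
}

for f in "$@"; do
    if runs_under_bash "$f"; then
        echo "$f: interpreted by bash; make sure bash is patched"
    else
        echo "$f: no bash interpreter found"
    fi
done
```

A "no bash interpreter found" result covers only the script's own shebang; a script run by another shell can still call bash explicitly.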