Known Operating Syst
Known operating system security flaw in Microsoft® Windows®, Mac OS X®, Linux®, or UNIX®
Lance Branford
POS/355
January 13, 2015
Eugene Gorbatov
Known operating system security flaw in Microsoft® Windows®, Mac OS X®, Linux®, or UNIX®
In describing known operating security with in the operating systems. I will be describing how the systems are compromised how to counter the attack and what the attack does to the system. In the UNIX systems the vulnerability named shellshock which is a command line interrupter for Linux and Mac OSx, describe how it effects the Bash shell and is used to gain access to systems..
With the shellshock vulnerability in the UNIX operating systems the attacker inserts malicious piece of code3 from a remote location and is able to get full access to the victims computer and is able retrieve data. But not all UNIX systems are vulnerable to this attack. The description from the national vulnerability database “GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.” ("Common Vulnerabilities And Exposures", 2015)
Protection from such attack is preventable if not all together avoidable. The way that the attack gains access to the system is by having remote login and guest account access turned on and without assigning a password to the guest account. The second way system is exposed to the attack is by scripting environments such as
Lance Branford
POS/355
January 13, 2015
Eugene Gorbatov
Known operating system security flaw in Microsoft® Windows®, Mac OS X®, Linux®, or UNIX®
In describing known operating security with in the operating systems. I will be describing how the systems are compromised how to counter the attack and what the attack does to the system. In the UNIX systems the vulnerability named shellshock which is a command line interrupter for Linux and Mac OSx, describe how it effects the Bash shell and is used to gain access to systems..
With the shellshock vulnerability in the UNIX operating systems the attacker inserts malicious piece of code3 from a remote location and is able to get full access to the victims computer and is able retrieve data. But not all UNIX systems are vulnerable to this attack. The description from the national vulnerability database “GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.” ("Common Vulnerabilities And Exposures", 2015)
Protection from such attack is preventable if not all together avoidable. The way that the attack gains access to the system is by having remote login and guest account access turned on and without assigning a password to the guest account. The second way system is exposed to the attack is by scripting environments such as
References: Common Vulnerabilities and Exposures. (2015). Retrieved from http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271 Shellshock Vulnerability: What Mac OS X Users Need to Know. (2015). Retrieved from http://www.intego.com/mac-security-blog/shellshock-vulnerability-what-mac-os-x-users-need-to-know/