
Shellshock – am I vulnerable?

1 point | vladtaltos | 11 years ago

If I have a VPS and just connect to it using SSH, am I vulnerable?

Or am I vulnerable through my home router? I have no idea about the firmware on it. Is it possible that Shellshock might have an effect on it?

In short, what sort of use cases should I worry about? I have not seen anybody explaining possible attack vectors for this thing yet... Anybody have an idea?

2 comments

firebrand39 | 11 years ago

SSH is calling a shell. If it is bash and the vulnerability test is positive (http://fedoramagazine.org/shellshock-how-does-it-actually-wo...), then your VPS is vulnerable and you'd better patch it.

To other posters: this vulnerability is so trivial (it creates a function in an environment variable), not some kind of sophisticated buffer overflow etc., that I wonder if this was once a bash feature.

Any comments?
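
The local check that the comment above refers to can be scripted as follows. This is an added example, not part of the thread or the linked article; `check_shellshock`, `scan_shells` and the marker string are names made up here, and the candidate paths are assumed common install locations.

```shell
#!/bin/sh
# Added example: local self-check for the Shellshock function-import bug.
# check_shellshock / scan_shells are hypothetical helper names.

MARKER="SHELLSHOCK_PROBE_MARKER"   # constructed string, harmless when echoed

# Usage: check_shellshock [path-to-shell]
# Prints one of: vulnerable | patched | absent
# Returns 1 when vulnerable, 2 when the binary is missing, 0 otherwise.
check_shellshock() {
    bin="${1:-$(command -v bash 2>/dev/null)}"
    if [ -z "$bin" ] || [ ! -x "$bin" ]; then
        echo "absent"
        return 2
    fi
    # A vulnerable bash treats a variable whose value starts with "() {"
    # as a function definition and, while importing it at startup, also
    # runs whatever follows the closing brace. A patched bash leaves the
    # value alone, so only "probe" is printed.
    out=$(env "x=() { :;}; echo $MARKER" "$bin" -c 'echo probe' 2>/dev/null)
    case "$out" in
        *"$MARKER"*) echo "vulnerable"; return 1 ;;
        *)           echo "patched";    return 0 ;;
    esac
}

# A machine can carry more than one copy of bash, and /bin/sh may be a
# link to it, so check each candidate rather than only the one on PATH.
scan_shells() {
    for candidate in /bin/bash /usr/bin/bash /usr/local/bin/bash /bin/sh; do
        [ -x "$candidate" ] || continue
        printf '%s: %s\n' "$candidate" "$(check_shellshock "$candidate")"
    done
}
```

Source the file on the VPS and run `scan_shells`; any line ending in `vulnerable` means that binary needs the vendor's bash update.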

bespoke_engnr | 11 years ago

It's likely that your home router is behind NAT, so unless you're using DynDNS or a static IP address to make it reachable from the Net, you're probably safe there.

Supposing that there's no UPnP enabled, no government trojans on it, and no script kiddies on your subnet.