Quote:
Originally Posted by qasdfdsaq
Guess that's another good example of why you should always run your web server processes in a deprivileged account...
Nonetheless the original source linked from your NIST article:
https://securityblog.redhat.com/2014...ection-attack/
says the vulnerability can be exploited via:
- Apache server using mod_cgi or mod_cgid are affected if CGI scripts are either written in bash, or spawn subshells. Such subshells are implicitly used by system/popen in C, by os.system/os.popen in Python, system/exec in PHP (when run in CGI mode), and open/system in Perl if a shell is used (which depends on the command string)
But:
- PHP scripts executed with mod_php are not affected even if they spawn subshells.
So I fail to see how else it could be exploited via HTTP, if your process can't execute or spawn shells to begin with...
mod_php and mod_cgi are different.
As you suggest, in many cases a privilege escalation exploit (i.e. kernel) will need to be used in conjunction to make proper use of it.
F5 BIG-IP firewalls have an issue with this, but it appears you need access to the web interface to take advantage of it.
https://twitter.com/securifybv/statu...172673/photo/1
---------- Post added at 15:07 ---------- Previous post was at 14:46 ----------
Already some infections due to this have been found. This exploit is used to download an ELF binary with a secondary exploit to get root privileges and then install DDoS software.
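An added example, not part of the original posts: a small audit that sorts the scripts in a CGI directory by the exposure categories in the quoted Red Hat text (written in bash, or spawning a subshell through the listed calls). The function names, labels and sample scripts are constructed for illustration; the pattern match is a heuristic, and compiled C CGI programs are out of its scope.

```python
import re
from pathlib import Path

# Shell-spawning calls listed in the quoted Red Hat text, per interpreter.
# Pattern matching is a heuristic: Perl open/system only use a shell for
# some command strings, so a hit means "review", not "vulnerable".
SHELL_CALLS = {
    "python": re.compile(r"\bos\.(?:system|popen)\s*\("),
    "php": re.compile(r"\b(?:system|exec)\s*\("),
    "perl": re.compile(r"\b(?:system|open)\b"),
}

def interpreter(source: str) -> str:
    """Return the interpreter name from the shebang line, or ''."""
    first = source.splitlines()[0] if source else ""
    parts = first[2:].split() if first.startswith("#!") else []
    if not parts:
        return ""
    # "#!/usr/bin/env python3" names the interpreter in the second field.
    if Path(parts[0]).name == "env" and len(parts) > 1:
        parts = parts[1:]
    return re.sub(r"[\d.]+$", "", Path(parts[0]).name)

def classify(source: str) -> str:
    """Classify one CGI script by how it can reach a shell."""
    interp = interpreter(source)
    if interp == "bash":
        return "bash-script"
    if interp == "sh":
        return "sh-script"  # exposed when /bin/sh is bash on this host
    pattern = SHELL_CALLS.get(interp)
    if pattern and pattern.search(source):
        return "spawns-subshell"
    return "no-shell-use-found"

def audit(cgi_dir: str) -> dict:
    """Map each regular file under cgi_dir to its classification."""
    return {
        str(p): classify(p.read_text(errors="replace"))
        for p in sorted(Path(cgi_dir).rglob("*")) if p.is_file()
    }

# Constructed sample scripts, not taken from the thread.
SAMPLES = {
    "status.cgi": "#!/bin/bash\necho 'Content-type: text/plain'\n",
    "ping.cgi": "#!/usr/bin/env python3\nimport os\nos.system('uptime')\n",
    "hello.cgi": "#!/usr/bin/perl\nprint \"Content-type: text/plain\\n\\n\";\n",
}
```

Running `audit()` against the server's CGI directory gives the list of scripts to review first; anything reported as `sh-script` depends on what `/bin/sh` points to on that host.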