http://www.hackerschool.org/HS_Boards/zboard.php?id=Free_Lectures&no=8589
Shellshock is a vulnerability discovered in 2014 that occurs when the bash shell processes function definitions stored in environment variables;
it was reported as CVE-2014-6271 and is a critical vulnerability.
Data passed in through environment variables is not properly validated
and is processed as executable code. As a result,
an attacker can insert malicious code into an environment variable
and have Bash execute it, running arbitrary commands with the system's privileges.
What causes the vulnerability?
Bash supports a feature that stores function definitions in environment variables and can execute them.
To check whether the vulnerability is present, run the following in a terminal.
===================================
export MYFUNC='() { :; }; echo Exploited'
bash -c "echo Test"
Exploited
Test
===================================
Analyzing the output: in the vulnerable case, the output above
contains **Exploited**; if it does, that Bash is vulnerable.
In the patched case, a patched Bash does not execute the commands that follow the function definition
and instead prints a warning message like the one below.
===================================
bash: warning: MYFUNC: ignoring function definition attempt
bash: error importing function definition for `MYFUNC'
===================================
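The terminal test above, wrapped as a reusable check. This is an added example, not code from the original post; the function names are my own, and the result is decided only by whether the trailing "echo Exploited" ran, since the warning text varies between patched builds.

```shell
#!/bin/sh
# Added example (not from the original post): wraps the terminal test
# shown above in a reusable check. Function names are my own choice.

# Classify the combined stdout/stderr of the probe command.
# Prints "vulnerable" (exit 0) when "Exploited" appears, meaning bash
# ran the command placed after the function body; otherwise prints
# "not_vulnerable" (exit 1). Only the marker is used: some patched
# builds print the "ignoring function definition attempt" warning
# while newer ones silently skip the variable, so the warning text is
# not a reliable signal either way.
shellshock_classify() {
    case "$1" in
        *Exploited*) echo vulnerable;     return 0 ;;
        *)           echo not_vulnerable; return 1 ;;
    esac
}

# Run the live probe against a bash binary (default: "bash" on PATH).
# env(1) sets MYFUNC for the child only, so the caller's environment
# stays clean. Prints "unknown" (exit 2) if the binary cannot be run.
shellshock_check() {
    bin=${1:-bash}
    path=$(command -v "$bin" 2>/dev/null) || path=
    if [ -z "$path" ] || [ ! -x "$path" ]; then
        echo unknown
        return 2
    fi
    out=$(env MYFUNC='() { :; }; echo Exploited' "$path" -c 'echo Test' 2>&1)
    shellshock_classify "$out"
}
```

Source the file and call `shellshock_check`, optionally with the path of the bash binary to test; the exit status is 0 only for a vulnerable bash, so the function can drive an inventory loop over hosts or chroots.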
The countermeasure is to update Bash to the latest version.
===================================
sudo apt update && sudo apt upgrade # Debian/Ubuntu family
sudo yum update # Red Hat family
===================================
Alternatively, use a shell such as Dash or Zsh instead of Bash.
To summarize:
If Exploited is printed, that Bash version is vulnerable to Shellshock.
Apply the patch immediately, or review the system's environment configuration.
This vulnerability can lead to malicious code execution (RCE) and therefore poses a serious security threat.
Vulnerable Bash versions: Bash 1.14 through 4.3 are affected by
Shellshock (CVE-2014-6271) and the related vulnerabilities.
Below is the information on each vulnerability and the affected versions.
CVE-2014-6271: additional commands placed after a function definition can be executed (Shellshock). Affected: Bash 1.14~4.3
CVE-2014-7169: bypass of the incomplete patch for CVE-2014-6271. Affected: Bash 1.14~4.3
CVE-2014-7186: memory corruption vulnerability in Bash. Affected: Bash 1.14~4.3
CVE-2014-7187: issue arising in Bash's history file handling. Affected: Bash 1.14~4.3
CVE-2014-6277: command injection vulnerability related to CVE-2014-6271. Affected: Bash 1.14~4.3
CVE-2014-6278: further vulnerability related to function definitions and command execution. Affected: Bash 1.14~4.3
Major Bash versions and their vulnerability status
Bash 1.x ~ 2.x:
Affected by Shellshock.
These are old versions released in the early 1990s.
Bash 3.x:
Affected by Shellshock.
Was used on many servers and systems,
and is still quite likely to be in use, particularly on legacy systems.
Bash 4.x (up to 4.3):
Affected by Shellshock.
The version shipped by default in recent Linux distributions.
After Bash 4.3:
Versions with the patches for all Shellshock-related vulnerabilities applied.
The vulnerability is resolved.
Versions in which the vulnerability is resolved
The first stable version in which the Shellshock-related vulnerabilities were resolved is Bash 4.3.27.
The latest version (as of 2024) is Bash 5.x or later, which is safe from Shellshock.
You can check the Bash version on the current system with the following command:
===================================
bash --version
GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)
===================================
In the example above the version is Bash 4.3.11, so it is vulnerable to Shellshock.
That concludes the basic theory and summary of Shellshock;
I will wrap up by posting the walkthrough of the Shellshock challenge on pwnable.kr.
Hit : 203 Date : 2024/11/23 09:43