© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential
Shell shock & Poodle Vulnerabilities, Fix
-Sasidhar Gogulapati

Shell Shock Vulnerability
Shellshock is a security bug in the Bash command-line interpreter (CLI)
Revealed by Linux expert Stephane Chazelas on 24th September, 2014. It’s a 10-year-old bug!!
Allows attackers to gain unauthorized access to systems by executing arbitrary commands
High impact on Linux and Mac OS, where Bash is the default CLI

Where does the bug occur?
Found in Bash’s parsing code, which unintentionally executes commands that are concatenated to the end of function definitions stored in the values of environment variables.

How do attackers exploit it?
HTTP servers: Servers that run CGI can expose Bash to an HTTP request, so a malicious HTTP request can inject arbitrary commands onto the server, with Bash being invoked to execute them
SSH: Bash can be used to overcome user-authentication restrictions, with privilege escalation, to gain access to commands

How to test it?
Execute the following commands from a terminal:
If the output contains the word ‘vulnerable’, then the system is vulnerable
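The self-test described on this slide can be run as a small script. This is an added example, not part of the original slides: it uses the widely published probe that stores a function definition followed by an extra command in an environment variable, and the variable name x, the marker text and the function names are choices made for this example.

```shell
#!/bin/sh
# Added example: local self-test for the Shellshock parsing bug.
# The probe only echoes a marker word; it changes nothing on the system.

# Classify the output of one probe run: print "vulnerable" if the marker
# word appears on a line of its own, otherwise "not vulnerable".
classify_probe_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo "vulnerable"
    else
        echo "not vulnerable"
    fi
}

# Probe one Bash binary (default: the bash found on PATH).
check_bash() {
    bash_bin=${1:-$(command -v bash 2>/dev/null || true)}
    if [ -z "$bash_bin" ] || [ ! -x "$bash_bin" ]; then
        echo "bash not found"
        return 0
    fi
    # The value of x looks like a function definition with a command
    # appended. An unpatched Bash runs the appended command while importing
    # the environment; a patched Bash ignores it and only runs the -c command.
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo probe finished' 2>/dev/null || true)
    classify_probe_output "$out"
}

# Check the default bash, or the binary given as the first argument.
check_bash "$@"
```

Pass a path such as /bin/bash or /usr/local/bin/bash to check each installed copy, since a host can carry more than one Bash binary.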

How to fix it?
By upgrading to the latest version of Bash. “yum update bash” is the command for CentOS and Red Hat Linux

Poodle Attack
“Padding Oracle On Downgraded Legacy Encryption”
Man-in-the-middle exploit that takes advantage of a security software client’s fallback to SSL 3.0
Google security team discovered this on October 14, 2014
If attackers exploit it successfully, they need only 256 SSL 3.0 requests to reveal one byte of an encrypted message

Where does the bug occur?
Poodle can be used to target browser-based communication that relies on SSL 3.0 (Secure Sockets Layer) for encryption and authentication
This allows the attacker to pad data at the end of the block cipher, so that the encryption becomes less secure
Poodle can force the browser to use SSL 3.0

How to fix it?
Disable SSL 3.0 on all protocols
Enable TLS (Transport Layer Security) 1.0
Prevent TLS 1.0 downgrade attacks by ensuring both client and server support only TLS
Thank You