
Shellshock & Poodle Attacks, fix


Page 1: Shellshock & Poodle Attacks, fix

1© 2015 Cisco and/or its affiliates. All rights reserved. Cisco Confidential

Shellshock & Poodle Vulnerabilities, Fix

-Sasidhar Gogulapati

Page 2: Shellshock & Poodle Attacks, fix


Shellshock Vulnerability

Shellshock is a security bug in the Bash command-line interpreter (CLI).

Revealed by Linux expert Stephane Chazelas on 24 September 2014. It is a 10-year-old bug!

Allows attackers to gain unauthorized access to systems by executing arbitrary commands.

High impact on Linux and Mac OS, where Bash is the default CLI.

Page 3: Shellshock & Poodle Attacks, fix


Where does the bug occur?

In Bash's parsing code, which unintentionally executes commands concatenated to the end of function definitions stored in the values of environment variables.

Page 4: Shellshock & Poodle Attacks, fix


How are attackers exploiting it?

HTTP servers: servers that run CGI can expose Bash to an HTTP request, so a malicious HTTP request can inject arbitrary commands onto the server, with Bash invoked to execute them.

SSH: Bash can be used to get past the restrictions applied to an authenticated user, escalating privileges to reach commands the account was not meant to run.
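The CGI exposure above is visible in web-server logs: a CGI server copies request headers (User-Agent, Referer, and so on) into environment variables before running the script, so a header value beginning with "() {" is the tell-tale of an attempt to smuggle a function definition, and a trailing command, into Bash. The following is an added example, not code from the deck: a scan over constructed access-log lines in Apache combined-log format (documentation IP addresses; the "echo probe" payloads are placeholders).

```shell
# Added example, not from the slides: flag Shellshock probes in access-log lines.

# shellshock_hits: print every stdin line carrying the "() {" marker.
# Optional whitespace between the braces catches "() { :;};" and "() { :; };".
shellshock_hits() {
    grep -E '\(\)[[:space:]]*[{]'
}

# count_hits: number of suspicious lines on stdin ("0" when none); always exits 0.
count_hits() {
    shellshock_hits | wc -l | tr -d ' '
}

# Constructed sample log (Apache combined-log format, RFC 5737 addresses).
SAMPLE_LOG='203.0.113.5 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 512 "-" "() { :;}; echo probe"
198.51.100.7 - - [25/Sep/2014:10:01:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.5 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/env.cgi HTTP/1.1" 200 300 "() { :; }; echo probe" "curl/7.37.0"
198.51.100.9 - - [25/Sep/2014:10:02:11 +0000] "GET /cgi-bin/status.cgi HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux)"'

# report: list source addresses with their probe counts, then the total.
report() {
    printf '%s\n' "$SAMPLE_LOG" | shellshock_hits | cut -d' ' -f1 | sort | uniq -c
    echo "suspicious requests: $(printf '%s\n' "$SAMPLE_LOG" | count_hits)"
}

report
```

Run it against a real log with `shellshock_hits < access.log`; the marker also appears in Referer and in custom headers, which the combined format does not record, so error logs and any full-header logging should be scanned the same way.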

Page 5: Shellshock & Poodle Attacks, fix


How to test it?

Execute the following commands from the terminal:

If the output contains the word 'vulnerable', the system is vulnerable.
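The deck does not reproduce the command itself. The following is an added example, not code from the deck: the widely published local self-check for a host you administer. A function definition is exported through the environment with a command appended after the closing brace; an unpatched Bash keeps parsing past the brace and runs that command while importing the variable at start-up. The variable name "x" and the "echo vulnerable" marker are the conventional choices for this test, nothing more.

```shell
# Added example, not from the slides: local Shellshock self-check.

# shellshock_check [BASH]: prints "vulnerable" or "not vulnerable".
# Exit status: 0 = not vulnerable, 1 = vulnerable, 2 = no bash to test.
shellshock_check() {
    bash_bin=${1:-bash}
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo "no bash found"
        return 2
    fi
    # A patched Bash prints only "test"; an unpatched one prints "vulnerable"
    # first. stderr is silenced because patched versions warn about the
    # ignored function definition.
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo test' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo "vulnerable"; return 1 ;;
        *)            echo "not vulnerable"; return 0 ;;
    esac
}

# shellshock_report [BASH]: version line plus verdict, for logging against
# the distribution advisory (the deck's fix: "yum update bash" on CentOS/RHEL).
shellshock_report() {
    ver=$("${1:-bash}" --version 2>/dev/null | head -n 1)
    echo "bash: ${ver:-not found}"
    echo "status: $(shellshock_check "$@")"
}

shellshock_report
```

The exit codes are chosen so the check drops into a fleet-wide audit script (non-zero means act); pass an explicit path such as `/bin/bash` when more than one Bash is installed, since a packaged update only replaces the one the package manager owns.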

Page 6: Shellshock & Poodle Attacks, fix


How to fix it?

Upgrade to the latest version of Bash. On CentOS and Red Hat Linux the command is "yum update bash".

Page 7: Shellshock & Poodle Attacks, fix


Poodle Attack

"Padding Oracle On Downgraded Legacy Encryption"

A man-in-the-middle exploit that takes advantage of security software and clients falling back to SSL 3.0.

The Google security team discovered this on October 14, 2014.

If attackers exploit it successfully, they need only 256 SSL 3.0 requests to reveal one byte of the encrypted message.

Page 8: Shellshock & Poodle Attacks, fix


Where does the bug occur?

Poodle can be used to target browser-based communication that relies on SSL 3.0 (Secure Sockets Layer) for encryption and authentication.

It allows the attacker to manipulate the padding at the end of a block-cipher record, so the encryption becomes less secure.

Poodle can force the browser to use SSL 3.0.

Page 9: Shellshock & Poodle Attacks, fix


How to fix it?

Disable SSL 3.0 on all protocols.

Enable TLS (Transport Layer Security) 1.0.

Prevent TLS 1.0 downgrade attacks by ensuring both client and server support only TLS.
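On the server side the fix comes down to the protocol list in the TLS configuration. The following is an added example, not code from the deck: a small audit that reads nginx or Apache directives and reports whether SSL 3.0 can still be negotiated. The config snippets are constructed samples showing the weak setting beside the corrected one; the corrected lines follow the deck's advice (SSL 3.0 off, TLS on).

```shell
# Added example, not from the slides: audit TLS directives for the POODLE fix.

# sslv3_enabled: reads config text on stdin; exit 0 if SSL 3.0 is still
# negotiable, 1 if the config disables it.
sslv3_enabled() {
    awk '
        # nginx lists exactly the protocols it will negotiate.
        tolower($1) == "ssl_protocols" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^sslv3;?$/) bad = 1
        }
        # Apache of the POODLE era: "all" (or an explicit +SSLv3 / SSLv3)
        # includes SSL 3.0 unless "-SSLv3" removes it again.
        tolower($1) == "sslprotocol" {
            on = 0; off = 0
            for (i = 2; i <= NF; i++) {
                t = tolower($i)
                if (t == "all" || t == "+sslv3" || t == "sslv3") on = 1
                if (t == "-sslv3") off = 1
            }
            if (on && !off) bad = 1
        }
        END { exit (bad ? 0 : 1) }
    '
}

# audit_config LABEL CONFIG_TEXT: prints a one-line verdict for a config.
audit_config() {
    if printf '%s\n' "$2" | sslv3_enabled; then
        echo "$1: SSLv3 still enabled (POODLE exposure)"
    else
        echo "$1: SSLv3 disabled"
    fi
}

# Constructed samples: the first of each pair is the weak setting,
# the second is the corrected one.
WEAK_NGINX='server {
    listen 443 ssl;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}'
FIXED_NGINX='server {
    listen 443 ssl;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}'
WEAK_APACHE='SSLProtocol all'
FIXED_APACHE='SSLProtocol all -SSLv3'

audit_config "nginx (weak)"   "$WEAK_NGINX"
audit_config "nginx (fixed)"  "$FIXED_NGINX"
audit_config "apache (weak)"  "$WEAK_APACHE"
audit_config "apache (fixed)" "$FIXED_APACHE"
```

Feed a live file with `sslv3_enabled < /etc/nginx/nginx.conf` and act on the exit status. A current deployment would also drop TLSv1 and TLSv1.1, which have since been deprecated; the samples keep them only to match the deck's recommendation.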

Page 10: Shellshock & Poodle Attacks, fix


Thank You