I am worried about the millions (actually, worried about mine) of routers/modems that run Linux. How exposed are they to Shellshock?
Asked
Active
Viewed 6,119 times
3 Answers
11
Most Linux-based routers are running an OpenWRT/DD-WRT derivative. These routers use BusyBox as their shell (Bash is much too heavyweight for the hardware), and consequently are not vulnerable.
Mark
- 34,513
- 9
- 86
- 135
-
1Here is a [post](https://blog.pfsense.org/?p=1457) from pfsense too. "The base system of pfSense does not include bash." – Christos Sep 26 '14 at 07:21
-
2Is there a way to test if my own router is vulnerable? – CharlesB Sep 26 '14 at 08:18
-
"Most Linux-based routers are running an OpenWRT/DD-WRT derivative." - lolwut? And busybox is not a shell. – Smit Johnth Sep 28 '14 at 01:53
-
3@SmitJohnth, busybox is a multi-call binary that encapsulates most of what you need to run a command-line Linux into a single executable. Run it under the name `sh` or `ash`, and you get a shell derived from `ash`. – Mark Sep 28 '14 at 02:24
-
@Mark So busybox is not a shell but a wrapper for ash, am I right? – Smit Johnth Sep 28 '14 at 02:41
-
1@SmitJohnth, Sort of maybe if you squint at it right. – Mark Sep 28 '14 at 04:47
-
@Mark sort of maybe? It uses ash or other shell, so it would be vulnerable only if ash or this other shell would be vulnerable. – Smit Johnth Oct 05 '14 at 09:00
-
From the OpenWRT website: The OpenWrt standard unix shell is the Busybox-fork of the Debian implementation of the Almquist shell (see → https://www.in-ulm.de/~mascheck/various/ash/#busybox). In case you want to read about it. – Brian Nov 27 '20 at 18:57
4
Ubiquiti Routers running EdgeOS have much beefier hardware, and run a derivative of Vayatta on Linux that includes bash. Those are likely vulnerable.
http://community.ubnt.com/t5/EdgeMAX/Re-Bash-shell-vuln-Is-ER-also-vulnerable/m-p/1024785
David
- 141
- 3
1
Endian Community Firewall is also currently vulnerable, even though they have already released a patch for their paying customers. Planning on switching to Sophos UTM soon.
tpaletti
- 11
- 1