Common Vulnerabilities and Exposures (CVE):
• CVE-2014-6271 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
• CVE-2014-7169 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169
What is Bash?
Bash, or Bourne-again shell, is the default shell in Ubuntu. When you are interfacing with the terminal (either through the terminal emulator, over a tty, or ssh), you are generally typing commands that bash
will read and execute. Even if you do not use the terminal at all, you still have Bash. (Source: http://askubuntu.com/questions/528101/what-is-the-cve-2014-6271-bash-vulnerability-and-how-do-i-fix-it)
Description:
The originally discovered vulnerability (CVE-2014-6271) is a flaw in the way Bash evaluates specially formatted environment variables inherited from its parent process: a variable whose value begins with "() {" is imported as a shell function, and unpatched Bash also executed any commands that followed the function body. An attacker who controls such a variable can therefore run arbitrary shell commands before any restrictions (a forced command in authorized_keys, a restricted shell, a CGI handler's own checks) are applied. Certain services and applications allow remote, unauthenticated attackers to set environment variables; CGI web applications are the most exposed, because the web server copies request headers into the environment of the handler process, which is what makes this issue remotely exploitable.
Additional vulnerabilities have been published afterward (see the Common Vulnerabilities and Exposures (CVE) list above and the References section below).
How does the exploit affect me?
In addition to the external references below, read the section "How does the exploit affect me?" at http://askubuntu.com/questions/528101/what-is-the-cve-2014-6271-bash-vulnerability-and-how-do-i-fix-it
Affected Systems:
1- Ubuntu: http://www.ubuntu.com/usn/usn-2362-1/
2- CentOS: Versions 5,6,7: http://lists.centos.org/pipermail/centos/2014-September/146099.html
3- Debian: https://security-tracker.debian.org/tracker/CVE-2014-6271
4- MacOS: http://alblue.bandlem.com/2014/09/bash-remote-vulnerability.html
Steps to reproduce the problem
Execute the following command (recommended). It locates every bash binary on your PATH and runs the function-import test against each one; a vulnerable binary prints "is unsafe" after its path (the imported function's trailing command "t=un" was executed), a patched one prints "is safe":
for i in `type -a bash | egrep -o "/.*"`; do /bin/echo -n "$i " ; x="() { :; };t=un" $i -c 'echo is ${t}safe' 2>/dev/null; done
Or this one:
env x='() { :;}; echo vulnerable' bash -c "echo hello"
- If your system is vulnerable, the output will be:
vulnerable
hello
- If your system is not vulnerable, the output will be:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello
For CVE-2014-7169 (incomplete fix for CVE-2014-6271)
The first patch still left the parser in a bad state when the function body was malformed: the trailing "=>\" in the variable below makes Bash run "echo date" as "date > echo", so the output of date is written to a file named echo in the current directory. Execute the following command:
cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
- If your system is vulnerable, the output will be:
# cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
Fri Sep 26 09:53:04 EDT 2014
- If your system is not vulnerable, the output will be:
# cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
date
cat: /tmp/echo: No such file or directory
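The following script is an added example written for this article; it is not part of the original page, of any distribution's advisory, or of the bashcheck project referenced below. It packages the two checks above as functions that print "vulnerable" or "safe" (exit status 1 or 0), runs the CVE-2014-7169 test in a scratch directory instead of /tmp/echo so it cannot clobber a real file, and illustrates the CGI vector from the Description by mapping request headers to HTTP_* environment variables the way an RFC 3875 server does before launching a handler. The sample headers and the handler command are constructed for illustration; the only assumption is that a Bash binary is on PATH (or is passed as the first argument).

```shell
#!/bin/sh
# Added example (not from the original advisory). POSIX sh.
# Assumption: $1, or the first "bash" on PATH, is a Bash binary.

# Resolve the bash binary to test; prints nothing and fails if none is found.
bash_binary() {
    b="${1:-$(command -v bash 2>/dev/null)}"
    [ -n "$b" ] && [ -x "$b" ] && printf '%s\n' "$b"
}

# CVE-2014-6271: a variable whose value starts with "() {" is imported as a
# function, and unpatched Bash also runs whatever follows the function body.
# Prints vulnerable/safe/not-installed; exit status 1/0/2.
check_6271() {
    b=$(bash_binary "$1") || { echo not-installed; return 2; }
    out=$(env 'x=() { :; }; echo vulnerable' "$b" -c 'echo hello' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo vulnerable; return 1 ;;
        *)            echo safe; return 0 ;;
    esac
}

# CVE-2014-7169: after the first patch the parser could still be left holding
# a stray "=>\", so 'echo date' is run as 'date > echo' and a file named
# "echo" appears in the working directory. A scratch directory keeps the
# probe from touching /tmp/echo or anything else.
check_7169() {
    b=$(bash_binary "$1") || { echo not-installed; return 2; }
    scratch=$(mktemp -d) || { echo error; return 2; }
    ( cd "$scratch" && env 'x=() { (a)=>\' "$b" -c 'echo date' >/dev/null 2>&1 )
    if [ -e "$scratch/echo" ]; then r=vulnerable; rc=1; else r=safe; rc=0; fi
    rm -rf "$scratch"
    echo "$r"
    return $rc
}

# Constructed attacker request headers (sample data, not a real capture).
SAMPLE_HEADERS='Host: www.example.com
User-Agent: () { :; }; echo pwned
Cookie: () { :; }; /bin/id'

# CGI vector: per RFC 3875 a server exports header "Foo-Bar: v" to the
# handler as HTTP_FOO_BAR=v. If the handler, or any program it spawns, is
# Bash, every such variable is a candidate function import. Prints the
# handler's stdout; a patched Bash prints only "handler ran".
cgi_simulate() {
    b=$(bash_binary "$1") || { echo not-installed; return 2; }
    set --
    while IFS= read -r line; do
        name=${line%%:*}
        value=${line#*: }
        var="HTTP_$(printf '%s' "$name" | tr 'a-z' 'A-Z' | tr '-' '_')"
        set -- "$@" "$var=$value"
    done <<EOF
$SAMPLE_HEADERS
EOF
    env "$@" "$b" -c 'echo "handler ran"' 2>/dev/null
}

# Report when run directly: sh shellshock_check.sh [/path/to/bash]
printf 'CVE-2014-6271: %s\n' "$(check_6271 "$1" || true)"
printf 'CVE-2014-7169: %s\n' "$(check_7169 "$1" || true)"
printf 'CGI header test: %s\n' "$(cgi_simulate "$1" || true)"
```

Run it once per Bash binary you ship (sh shellshock_check.sh /bin/bash, then any bash bundled under /opt or in a chroot), since a package update only fixes the copy the package manager knows about. On a vulnerable host the CGI simulation prints "pwned" and the output of /bin/id before "handler ran", which is exactly what an attacker's request would obtain from a CGI script that calls system() or popen().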
Resolution:
If you are not able to update the vulnerable bash package using the commands below (for example, because your operating system version no longer receives updates), please contact our technical support team.
1- Ubuntu: http://www.ubuntu.com/usn/usn-2362-1/
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
You can check your package version by using the command:
dpkg -s bash | grep Version
Update your package list and install the new version of the bash package:
sudo apt-get update && sudo apt-get install bash
2- CentOS:
Check the version of your bash package:
rpm -qa bash
Update your bash package:
yum update bash
3- Debian: https://security-tracker.debian.org/tracker/CVE-2014-6271
Update the package list and install the latest version of bash:
sudo apt-get update && sudo apt-get install bash
4- MacOS: Follow the instructions: http://alblue.bandlem.com/2014/09/bash-remote-vulnerability.html
References:
- CVE-2014-6271 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
- CVE-2014-7169 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169
- CVE-2014-7186 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7186
- CVE-2014-7187 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7187
- CVE-2014-6277 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6277
- CVE-2014-6278 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278
- https://github.com/hannob/bashcheck
Additional details are available at: http://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-21050/year-2014/GNU-Bash.html