IMPORTANT: BASH Vulnerability Affecting Linux & OS X Systems (CVE-2014-7169)

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • IMPORTANT: BASH Vulnerability Affecting Linux & OS X Systems (CVE-2014-7169)

    Hello everyone,

    As reported in mainstream media, Red Hat has been made aware of a vulnerability affecting all versions of the bash package as shipped with Red Hat products. This vulnerability, CVE-2014-6271, could allow for arbitrary code execution. Certain services & applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

    OVERVIEW:

    GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi & mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, & other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

    DIAGNOSTIC TESTS:

    To test if your version of Bash is vulnerable to this issue, run the following command:

    $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

    If the output of the above command looks as follows:

    vulnerable
    this is a test


    you are using a vulnerable version of Bash.

    PATCH:

    The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Upgrade Bash by running the following yum command over SSH:

    yum upgrade bash


    Thus, if you run the above example with the patched version of Bash, you should get an output similar to:

    $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    bash: warning: x: ignoring function definition attempt
    bash: error importing function definition for `x'
    this is a test


    e.g.:
    Code:
    [email protected] [~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    vulnerable
    this is a test
    Code:
    [email protected] [~]# yum upgrade bash
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * base: centos.hyve.com
     * extras: centos.hyve.com
     * rpmforge: www.mirrorservice.org
     * rpmforge-extras: www.mirrorservice.org
     * updates: centos.serverspace.co.uk
    base                                                                                                                                                        | 3.7 kB     00:00
    extras                                                                                                                                                      | 3.3 kB     00:00
    rpmforge                                                                                                                                                    | 1.9 kB     00:00
    rpmforge-extras                                                                                                                                             | 1.9 kB     00:00
    updates                                                                                                                                                     | 3.4 kB     00:00
    Setting up Upgrade Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package bash.i686 0:4.1.2-15.el6_4 will be updated
    ---> Package bash.i686 0:4.1.2-15.el6_5.1 will be an update
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    =================================================================================================================================================================================
     Package                               Arch                                   Version                                              Repository                                 Size
    =================================================================================================================================================================================
    Updating:
     bash                                  i686                                   4.1.2-15.el6_5.1                                     updates                                   887 k
    
    Transaction Summary
    =================================================================================================================================================================================
    Upgrade       1 Package(s)
    
    Total download size: 887 k
    Is this ok [y/N]: y
    Downloading Packages:
    bash-4.1.2-15.el6_5.1.i686.rpm                                                                                                                              | 887 kB     00:00
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction
      Updating   : bash-4.1.2-15.el6_5.1.i686                                                                                                                                      1/2
      Cleanup    : bash-4.1.2-15.el6_4.i686                                                                                                                                        2/2
      Verifying  : bash-4.1.2-15.el6_5.1.i686                                                                                                                                      1/2
      Verifying  : bash-4.1.2-15.el6_4.i686                                                                                                                                        2/2
    
    Updated:
      bash.i686 0:4.1.2-15.el6_5.1
    
    Complete!
    Code:
    [email protected] [~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    bash: warning: x: ignoring function definition attempt
    bash: error importing function definition for `x'
    this is a test
    
    [email protected] [~]#

    Please restart/reboot your system to start using the new bash package.

    Customers that are unable to do this themselves or need our assistance are requested to submit a ticket as soon as possible so our technicians can apply the patch for you. If you have any questions or concerns regarding this notice, please submit a ticket. One of our senior technicians will be happy to help you.

    Kind regards,
    Jack Daniel.

    Cloud Hosting || Managed Dedicated Server || Webhosting UK Knowledgebase
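Added example (not part of the announcement above or the provider's own tooling): the advisory's diagnostic one-liner wrapped in POSIX sh functions so the result can be checked by a script on many hosts instead of by eye. The function names shellshock_check and shellshock_report, and the result strings they print, are my own choices.

```shell
#!/bin/sh
# Added example, not part of the original announcement: a scriptable
# version of the advisory's CVE-2014-6271 diagnostic.

# Probe one bash binary. Prints "vulnerable", "patched", "no-bash" or
# "unexpected" and returns 1, 0, 2 or 3 respectively.
shellshock_check() {
    bash_bin="$1"
    [ -n "$bash_bin" ] || bash_bin=$(command -v bash 2>/dev/null) || bash_bin=""
    if [ -z "$bash_bin" ] || [ ! -x "$bash_bin" ]; then
        echo "no-bash"
        return 2
    fi
    # Same probe as the announcement: the text after the function body
    # ("echo vulnerable") must not execute while bash imports the variable.
    # Warnings printed by a patched bash go to stderr and are discarded.
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>/dev/null)
    case "$out" in
        *vulnerable*)     echo "vulnerable"; return 1 ;;
        "this is a test") echo "patched";    return 0 ;;
        *)                echo "unexpected"; return 3 ;;
    esac
}

# Probe every binary given as an argument (default: bash found on PATH),
# print one line per binary, and return 1 if any of them is vulnerable.
shellshock_report() {
    [ $# -gt 0 ] || set -- "$(command -v bash 2>/dev/null)"
    rc=0
    for b in "$@"; do
        result=$(shellshock_check "$b") || true
        [ "$result" != "vulnerable" ] || rc=1
        printf '%s\t%s\n' "${b:-<none>}" "$result"
    done
    return $rc
}

# Stand-alone use: check the default bash, or the paths passed on the
# command line (e.g. /bin/bash /usr/local/bin/bash).
shellshock_report "$@"
```

A non-zero exit status from shellshock_report marks a host that still needs the yum upgrade described above.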