Tweet
Hello everyone,
As reported in mainstream media, Red Hat has been made aware of a vulnerability affecting all versions of the bash package as shipped with Red Hat products. This vulnerability CVE-2014-6271 could allow for arbitrary code execution. Certain services & applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
OVERVIEW:
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi & mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, & other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
DIAGNOSTIC TESTS:
To test if your version of Bash is vulnerable to this issue, run the following command:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the output of the above command looks as follows:
vulnerable
this is a test
you are using a vulnerable version of Bash.
PATCH:
The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Upgrade Bash using the yum command in ssh:
yum upgrade bash
Thus, if you run the above example with the patched version of Bash, you should get an output similar to:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
eg:
Please restart/reboot your system for using this new bash package.
Customers that are unable to do this themselves or need our assistance are requested to submit a ticket as soon as possible so our technicians can apply the patch for you. If you have any questions or concerns regarding this notice, please submit a ticket. One of our senior technicians will be happy to help you.
As reported in mainstream media, Red Hat has been made aware of a vulnerability affecting all versions of the bash package as shipped with Red Hat products. This vulnerability CVE-2014-6271 could allow for arbitrary code execution. Certain services & applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
OVERVIEW:
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi & mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, & other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
DIAGNOSTIC TESTS:
To test if your version of Bash is vulnerable to this issue, run the following command:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the output of the above command looks as follows:
vulnerable
this is a test
you are using a vulnerable version of Bash.
PATCH:
The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Upgrade Bash using the yum command in ssh:
yum upgrade bash
Thus, if you run the above example with the patched version of Bash, you should get an output similar to:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
eg:
Code:
[I][COLOR=#000000]root@area51 [~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
[/COLOR][COLOR=#ff0000][B]vulnerable
this is a test[/B][/COLOR][/I]
Code:
root@area51 [~]# [B]yum upgrade bash[/B] Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * base: centos.hyve.com * extras: centos.hyve.com * rpmforge: www.mirrorservice.org * rpmforge-extras: www.mirrorservice.org * updates: centos.serverspace.co.uk base | 3.7 kB 00:00 extras | 3.3 kB 00:00 rpmforge | 1.9 kB 00:00 rpmforge-extras | 1.9 kB 00:00 updates | 3.4 kB 00:00 Setting up Upgrade Process Resolving Dependencies --> Running transaction check ---> Package bash.i686 0:4.1.2-15.el6_4 will be updated ---> Package bash.i686 0:4.1.2-15.el6_5.1 will be an update --> Finished Dependency Resolution Dependencies Resolved ================================================================================================================================================================================= Package Arch Version Repository Size ================================================================================================================================================================================= Updating: bash i686 4.1.2-15.el6_5.1 updates 887 k Transaction Summary ================================================================================================================================================================================= Upgrade 1 Package(s) Total download size: 887 k Is this ok [y/N]: y Downloading Packages: bash-4.1.2-15.el6_5.1.i686.rpm | 887 kB 00:00 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Updating : bash-4.1.2-15.el6_5.1.i686 1/2 Cleanup : bash-4.1.2-15.el6_4.i686 2/2 Verifying : bash-4.1.2-15.el6_5.1.i686 1/2 Verifying : bash-4.1.2-15.el6_4.i686 2/2 Updated: bash.i686 0:4.1.2-15.el6_5.1 Complete!
Code:
root@area51 [~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
[COLOR=#008000]bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test[/COLOR]
root@area51 [~]#
Customers that are unable to do this themselves or need our assistance are requested to submit a ticket as soon as possible so our technicians can apply the patch for you. If you have any questions or concerns regarding this notice, please submit a ticket. One of our senior technicians will be happy to help you.