+233-2990093-27/29

The Shellshock Bug

7th October 2014

Shellshock
Shellshock, the newly discovered vulnerability that allows attackers to inject code into the affected systems, puts your machines at a serious risk for malicious attacks.
Systems Affected

· GNU Bash through 4.3.

· Linux and Mac OS X systems, on which Bash is part of the base operating system.

· Any BSD or UNIX system on which GNU Bash has been installed as an add-on.

· Any UNIX-like operating system on which the /bin/sh interface is implemented as GNU Bash.

Overview

A critical vulnerability has been reported in the GNU Bourne-Again Shell (Bash), the common command-line shell used in many Linux/UNIX operating systems and Apple’s Mac OS X. The flaw could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables used by the operating system.

Description

GNU Bash versions 1.14 through 4.3 contain a flaw that processes commands placed after function definitions in the added environment variable, allowing remote attackers to execute arbitrary code via a crafted environment which enables network-based exploitation.

Critical instances where the vulnerability may be exposed include:

· Apache HTTP Server using mod_cgi or mod_cgid scripts either written in bash, or spawn GNU Bash subshells, or on any system where the /bin/sh interface is implemented using GNU Bash.

· Override or Bypass ForceCommand feature in OpenSSH sshd and limited protection for some Git and Subversion deployments used to restrict shells and allows arbitrary command execution capabilities. This data path is vulnerable on systems where the /bin/sh interface is implemented using GNU Bash.

· Allow arbitrary commands to run on a DHCP client machine.

Impact

This vulnerability is classified by industry standards as “High” impact with CVSS Impact Subscore 10 and “Low” on complexity, which means it takes little skill to perform. This flaw allows attackers who can provide specially crafted environment variables containing arbitrary commands to execute on vulnerable systems. It is especially dangerous because of the prevalent use of the Bash shell and its ability to be called by an application in numerous ways.

Solution

You can test your system by running this command from the Terminal:

env x='() { :;}; echo vulnerable’ bash -c ‘echo hello’

If you’re not vulnerable, you’ll get this result:

bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x’ hello

If you are vulnerable, you’ll get:

vulnerable hello

You can also check the version of bash you’re running by entering:

bash –version

Many Linux distributions already have patches available:

sudo apt-get update && sudo apt-get install –only-upgrade bash

Run the test again to make sure you have successfully patched the system.

Leave a Reply

Name (Required)

Email (Required - will not be published)

Website

Message (Required)