Bash ShellShock Remote Code Execution Vulnerability
Hello everybody,
Some people here might be interested. Bash or Bourne Again Shell is prone to a remote code execution vulnerability in terms of how it processes specially crafted environment variables. Most Linux distros are vulnerable. A lot of programs like SSH, telnet, CGI scripts allow bash to be run in the background allowing the vulnerability to be exploited remotely over the network which makes it more scary. Refer to Wolfgang's post BASH Shellshock vulnerability for more details. Proof of Concept: A simple test to check if your Bash is vulnerable is available publicly. PHP Code:
Type apt-get update and apt-get upgrade (for debian) to apply the patch. Once the patch has been applied, the same test will return the following result. PHP Code:
When code is added to the end of the function definition inside the variable, it gets executed when the shell is invoked ("bash -c"). In this case "echo vulnerable" will execute. Once the patch has been applied, code execution after end of the bash function is not allowed. A detailed explanation of the issue can be found at: Bash specially-crafted environment variables code injection attack | Red Hat Security Taken from: https://community.qualys.com/blogs/s...-cve-2014-6271 Greetz, Kia. |
Re: Bash ShellShock Remote Code Execution Vulnerability
why would this be important
it's a local exploit, can you use sudo as a normal user or something or what? |
Re: Bash ShellShock Remote Code Execution Vulnerability
I heard about this vuln and already patched my server against it.
The problem is that you can gain access to BASH from other system services, such as Apache or nginx. Edit: The other problem is that it also inserts stuff into environment variables, which may be picked up by other programs. Incidentally, Redhat, your security blog should have a valid Transport Layer Security certificate for the domain it's on (*.redhat.com) rather than one for a different domain (*.rhcloud.com). |
Re: Bash ShellShock Remote Code Execution Vulnerability
Quote:
I checked and I'm also vulnerable |
Re: Bash ShellShock Remote Code Execution Vulnerability
I don't understand how one can remotely exploit this vulnerability if shell is not exposed by webserver.
I'm not vulnerable (ubuntu 14.04 LTS up to date) but still curious. |
Re: Bash ShellShock Remote Code Execution Vulnerability
Quote:
MAYBE you could use it to poison LD_LIBRARY_PATH, which tells a program where to look for .so files. You might also be able to use it to poison CGI scripts, because CGI is done primarily through environment variables. On a side note, the first bash patch for Ubuntu 14.04 didn't completely fix the problem, so they issued a second update. |
Re: Bash ShellShock Remote Code Execution Vulnerability
I have just fixed it in my Debian Squeeze!
I only ran this and I got it fixed! Code:
apt-get update && apt-get install --only-upgrade bash |
| All times are GMT -4. The time now is 02:44. |
Powered by vBulletin®
Copyright ©2000 - 2024, vBulletin Solutions, Inc.