Saturday, 27 September 2014

Shellshock - Bash Vulnerability

Everyone using Linux, Unix and OSX should have hopefully heard about this by now.  For those who don't know, the Bash shell which is included in pretty much all Linux distros along with Unix variants such as Solaris, Mac OSX, NetBSD and FreeBSD will all be vulnerable to this issue, along with all sorts of embedded devices such as Routers, VPN and SSL Concentrators, Load Balancer Appliances to name but a few...

The issue is a flaw in the way Bash evaluates certain specially crafted environmental variables. An attacker could exploit this by bypassing environment restrictions to execute shell commands. 

There are now 4 separate issues relating to this;

CVE-2014-6271
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187

To check to see if your system is vulnerable run the following command as a non-root user; 

env X='() { (a)=>\' sh -c "echo date"; cat echo

If a file called 'echo' is created in the current directory and it contains the date, you need to 
patch your system.


Red Hat have produced a good FAQ on the whole issue.

Also, Virtualisation platforms that have a Linux element such as VMware ESX and ESXi 
and XenServer will also be vulnerable.

No comments :