Latest update December 20th, 2017 12:04 PM
Sep 30, 2014 Victor Okech
After Heartbleed, the SSL vulnerability, comes Shell Shock, a vulnerability in Bash. Bash is a popular Linux command-line shell that runs on almost all Linux servers, irrespective of the Linux distro you have installed.
On September 24th, a vulnerability was reported in the GNU Bourne-Again-Shell (BASh, or Bash), specifically a flaw in how Bash processes the values of environment variables that allows remote code execution of varying types in many common configurations. The overall risk is severe because Bash is configured for use, by default, on most Linux servers.
In summary, below are some details on this vulnerability:
The National Cyber Awareness System describes the issue as follows:
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.
It is very easy to check whether or not your server is vulnerable by running the following (safe to run) code:
cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
If your server isn’t vulnerable, then the following will be displayed:
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
date
cat: /tmp/echo: No such file or directory
Or in some cases simply:
date
cat: /tmp/echo: No such file or directory
If your server is vulnerable, then the following will be displayed (with the date):
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
Fri Sep 26 11:55:07 EDT 2014
And the file /tmp/echo will be created.
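The same check wrapped in a reusable function, as an added example that is not part of the original article: it runs the test command in a private scratch directory instead of /tmp and bases the verdict on whether the file named echo was created, because the error text differs between systems. The function name check_bash_env_import and the verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article. The function name is hypothetical.
# Runs the article's test command against one bash binary and prints a verdict.
# The verdict comes from the side effect (a file named "echo" appearing in the
# working directory), not from the error messages, which vary.
check_bash_env_import() {
    bash_bin=${1:-bash}
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo "not found"
        return 2
    fi
    # Private scratch directory: avoids the rm -f /tmp/echo step in a
    # world-writable location and leaves nothing behind afterwards.
    workdir=$(mktemp -d) || return 2
    (
        cd "$workdir" &&
        env 'x=() { (a)=>\' "$bash_bin" -c "echo date"
    ) >/dev/null 2>&1 || true
    if [ -e "$workdir/echo" ]; then
        verdict="vulnerable"; status=1
    else
        verdict="not vulnerable"; status=0
    fi
    rm -rf "$workdir"
    echo "$verdict"
    return "$status"
}

# Check each binary named on the command line; default to the bash on PATH.
[ "$#" -gt 0 ] || set -- bash
for b in "$@"; do
    printf '%s: %s\n' "$b" "$(check_bash_env_import "$b")"
done
```

Pass every Bash binary on the host as an argument (for example /bin/bash and any locally built copy), since updating the packaged Bash does not touch other copies.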
On systems that use yum, first clean up the package cache: yum clean all
Updating Bash is as simple as running just one command: yum -y update bash
Or, optionally, you can update all of the installed packages at once with the following command: yum -y update
On systems that use apt-get, first clean up the package cache: apt-get autoclean
Updating Bash is as simple as running just one command: apt-get install --only-upgrade bash
Or, optionally, you can upgrade all of the installed packages at once with the following command: apt-get upgrade
Feature Image courtesy of Engadget