Powered by eUKhost®

Announcement

Collapse
No announcement yet.

IMPORTANT: BASH Vulnerability Affecting Linux & OS X Systems (CVE-2014-7169)

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • IMPORTANT: BASH Vulnerability Affecting Linux & OS X Systems (CVE-2014-7169)

    Hello everyone,

    As reported in mainstream media, Red Hat has been made aware of a vulnerability affecting all versions of the bash package as shipped with Red Hat products. This vulnerability CVE-2014-6271 could allow for arbitrary code execution. Certain services & applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

    SEVERITY:

    The vulnerability has been rated as 10 for severity, meaning it is critical, & low for complexity, meaning it's easy to be exploited by hackers.

    OVERVIEW:


    GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi & mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, & other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

    DIAGNOSTIC TESTS:

    To test if your version of Bash is vulnerable to this issue, run the following command:

    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

    If the output of the above command looks as follows:

    vulnerable
    this is a test


    you are using a vulnerable version of Bash.

    PATCH:

    The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Upgrade Bash using the yum command in ssh:

    yum upgrade bash


    Thus, if you run the above example with the patched version of Bash, you should get an output similar to:

    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    bash: warning: x: ignoring function definition attempt
    bash: error importing function definition for `x'
    this is a test


    eg:
    Code:
    [email protected] [~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    vulnerable
    this is a test
    Code:
    [email protected] [~]# yum upgrade bash
    Loaded plugins: fastestmirror
    Loading mirror speeds from cached hostfile
     * base: centos.hyve.com
     * extras: centos.hyve.com
     * rpmforge: www.mirrorservice.org
     * rpmforge-extras: www.mirrorservice.org
     * updates: centos.serverspace.co.uk
    base                                                                                                                                                      | 3.7 kB     00:00
    extras                                                                                                                                                    | 3.3 kB     00:00
    rpmforge                                                                                                                                                  | 1.9 kB     00:00
    rpmforge-extras                                                                                                                                           | 1.9 kB     00:00
    updates                                                                                                                                                   | 3.4 kB     00:00
    Setting up Upgrade Process
    Resolving Dependencies
    --> Running transaction check
    ---> Package bash.i686 0:4.1.2-15.el6_4 will be updated
    ---> Package bash.i686 0:4.1.2-15.el6_5.1 will be an update
    --> Finished Dependency Resolution
    
    Dependencies Resolved
    
    =================================================================================================================================================================================
     Package                               Arch                                  Version                                              Repository                                Size
    =================================================================================================================================================================================
    Updating:
     bash                                  i686                                  4.1.2-15.el6_5.1                                     updates                                  887 k
    
    Transaction Summary
    =================================================================================================================================================================================
    Upgrade       1 Package(s)
    
    Total download size: 887 k
    Is this ok [y/N]: y
    Downloading Packages:
    bash-4.1.2-15.el6_5.1.i686.rpm                                                                                                                            | 887 kB     00:00
    Running rpm_check_debug
    Running Transaction Test
    Transaction Test Succeeded
    Running Transaction
      Updating   : bash-4.1.2-15.el6_5.1.i686                                                                                                                                    1/2
      Cleanup    : bash-4.1.2-15.el6_4.i686                                                                                                                                      2/2
      Verifying  : bash-4.1.2-15.el6_5.1.i686                                                                                                                                    1/2
      Verifying  : bash-4.1.2-15.el6_4.i686                                                                                                                                      2/2
    
    Updated:
      bash.i686 0:4.1.2-15.el6_5.1
    
    Complete!
    Code:
    [email protected] [~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    bash: warning: x: ignoring function definition attempt
    bash: error importing function definition for `x'
    this is a test
    
    [email protected] [~]#
    Please restart/reboot your system for using this new bash package.

    Customers that are unable to do this themselves or need our assistance are requested to submit a ticket as soon as possible so our technicians can apply the patch for you. If you have any questions or concerns regarding this notice, please submit a ticket. One of our senior technicians will be happy to help you.
    Rock _a.k.a._ Jack Daniel

    Follow eUKhost on Twitter || Join eUKhost Community on Facebook

  • #2
    Re: IMPORTANT: BASH Vulnerability Affecting Linux & OS X Systems (CVE-2014-7169)

    Great and informative post - Thank you.

    I have upgraded my dedicated server as suggested but just need to clarify the last part about restart/reboot - Which element am I restarting as I have a choice of options in WHM? I am guessing it is Apache that requires restart?

    Thanks

    David

    Comment


    • #3
      Re: IMPORTANT: BASH Vulnerability Affecting Linux & OS X Systems (CVE-2014-7169)

      Originally posted by 3cellhosting View Post
      Great and informative post - Thank you.

      I have upgraded my dedicated server as suggested but just need to clarify the last part about restart/reboot - Which element am I restarting as I have a choice of options in WHM? I am guessing it is Apache that requires restart?

      Thanks

      David
      Hello David,

      You will need to reboot your server after you have updated to the patched version of GNU Bash.

      Kind Regards,

      Ben Stones
      Find us on Twitter and Facebook

      Need to contact us?
      Customer Support: Client Area - 0800 862 0380 (option 2)
      Customer Relations: [email protected] - 0800 862 0380 (option 3)
      Sales: [email protected] - 0800 862 0380 (option 1)




      The opinions or views expressed above are not necessarily the opinions or views of eUKhost Ltd.

      Comment


      • #4
        Re: IMPORTANT: BASH Vulnerability Affecting Linux & OS X Systems (CVE-2014-7169)

        Originally posted by 3cellhosting View Post
        Great and informative post - Thank you.

        I have upgraded my dedicated server as suggested but just need to clarify the last part about restart/reboot - Which element am I restarting as I have a choice of options in WHM? I am guessing it is Apache that requires restart?

        Thanks

        David
        Hi David,

        Rebooting the server will restart all the services hosted on it. It's recommended to do so or if you would like us to reboot it for you..
        Rock _a.k.a._ Jack Daniel

        Follow eUKhost on Twitter || Join eUKhost Community on Facebook

        Comment


        • #5
          Re: IMPORTANT: BASH Vulnerability Affecting Linux & OS X Systems (CVE-2014-7169)

          @Rock, Any update on CVE-2014-6271? Or is the patch for CVE-2014-7169 good enough? Or should we use both patch?

          Comment


          • #6
            Re: IMPORTANT: BASH Vulnerability Affecting Linux & OS X Systems (CVE-2014-7169)

            Originally posted by Irene9001 View Post
            @Rock, Any update on CVE-2014-6271? Or is the patch for CVE-2014-7169 good enough? Or should we use both patch?

            The bash update( yum update bash ) does resolved the basic Vulnerability issue but still as per RHEL/Centos CVE report ,It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.


            The vulnerability arises from the fact that you can create environment variables with specially-crafted values before calling the Bash shell. These variables can contain code, which gets executed as soon as the shell is invoked.

            The name of these crafted variables does not matter, only their contents. As a result, this vulnerability is exposed in many contexts, for example:

            • ForceCommand is used in sshd configs to provide limited command execution capabilities for remote users. This flaw can be used to bypass that and provide arbitrary command execution. Some Git and Subversion deployments use such restricted shells. Regular use of OpenSSH is not affected because users already have shell access.

            • Apache server using mod_cgi or mod_cgid are affected if CGI scripts are either written in Bash, or spawn subshells. Such subshells are implicitly used by system/popen in C, by os.system/os.popen in Python, system/exec in PHP (when run in CGI mode), and open/system in Perl if a shell is used (which depends on the command string).

            • PHP scripts executed with mod_php are not affected even if they spawn subshells.

            • DHCP clients invoke shell scripts to configure the system, with values taken from a potentially malicious server. This would allow arbitrary commands to be run, typically as root, on the DHCP client machine.

            • Various daemons and SUID/privileged programs may execute shell scripts with environment variable values set / influenced by the user, which would allow for arbitrary commands to be run.

            • Any other application which is hooked onto a shell or runs a shell script as using Bash as the interpreter. Shell scripts which do not export variables are not vulnerable to this issue, even if they process untrusted content and store it in (unexported) shell variables and open subshells.


            Like “real” programming languages, Bash has functions, though in a somewhat limited implementation, and it is possible to put these Bash functions into environment variables.

            We have additional information regarding specific Red Hat products affected by this issue that can be found at https://access.redhat.com/site/solutions/1207723

            Information on CentOS can be found at http://lists.centos.org/pipermail/ce...er/146099.html.


            Thanks and Regards,
            Alex Parker
            Senior System Administrator.
            Dedicated Hosting || Semi Dedicated Hosting|Disaster Recovery Solutions

            EMAIL:alex @ eukhost.com
            MSN: alex @ eukhost.com
            SKYPE: euk_alexp

            Comment


            • #7
              Re: IMPORTANT: BASH Vulnerability Affecting Linux & OS X Systems (CVE-2014-7169)

              IMPORTANT: BASH 'Shellshock' Vulnerability Affecting Linux & OS X Systems!

              PATCH RELEASED!


              RedHat along with Bash developers have released an updated for bash ( version 4.1.2-15.el6_5.2 ) today, which patches the following security flaws:

              CVE-2014-6271
              CVE-2014-7169
              CVE-2014-7186
              CVE-2014-7187
              CVE-2014-6277
              CVE-2014-6278


              All you need to is run the following as root in SSH:

              yum upgrade bash -y

              eg:

              [[email protected] ~]# yum upgrade bash -y

              Similar patches/updates have been released by Apple following the OS X bash Update 1.0 for OS X Mavericks, Mountain Lion and Lion, targeting the recently discovered "Shellshock" security flaw originating in the bash UNIX shell. Updating the systems to the latest available patches is recommended.


              Please contact our support team if you face any challenges in upgrading the bash version on your VPS/Dedicated Servers.
              Rock _a.k.a._ Jack Daniel

              Follow eUKhost on Twitter || Join eUKhost Community on Facebook

              Comment


              • #8
                Re: IMPORTANT: BASH Vulnerability Affecting Linux & OS X Systems (CVE-2014-7169)

                There have been questions about ShellShock Bug and whether to do complete server reboot or services restart after installing the update. Here are the answers to all Frequently Asked Questions about bash code injection vulnerability [Ie.Shellshock]

                https://access.redhat.com/articles/1200223
                Regards,
                Kieran A.
                Cloud Administrator
                Skype :: Kieran.Alen | eUKhost

                Comment

                ban-img
                Working...
                X