[ALUG] Critical bug in bash: remote code execution

Andreas Tauscher ta at geuka.net
Thu Sep 25 17:33:09 EAT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

A critical bug [1] allows to execute any code. Anything an attacker
has to do is setting a special environment variable.
All major distributions have already released updates.

To take advantage of the bug access to bash is needed. For example if
the ssh access is limited this limitations can be bypassed.
Also webservers using bash scripts as CGI are vulnerable.

Form the RedHat blog [2] is this short script to test if your version
of bash is vulnerable:
env x='() { :;}; echo OOPS' bash -c /bin/true

How is this working:
The attacker is defining within the variable x a function. Ok, nothing
serious. But bash does after this definition not stop to parse code.

On a vulnerable bash you will get the output OOPS
A fixed bash will quit with an error:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

Andreas

[1] https://access.redhat.com/security/cve/CVE-2014-6271
[2]
http://community.redhat.com/blog/2014/09/critical-bash-security-vulnerability-update-your-systems-today/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJUJCelAAoJEEeUknxlyOoQ0FYP/2ReLuksNM6bo4tpacxxN4P6
RYCsJfF2GVQFhMyrP8cCqh+m1jSYO2aCaTMtk4GU5oKI187X878suA9/7YoOW1mm
nw21vYZYF9mRNzF8zmTfwZ4+7ofRi8H1NlfcC7HQNWjeUr8g1oDdICFGYGg9OUFA
W4JzBHYvLyPzLoAcKHBj6DcBC18h/SBGdUGESx6Iz20+zkCOXbcGyCqBg1d3ifOM
fe/GIRM0K7ZsDa+ZPlUQE5Qyfq2UrCE9k+QFx6xc3nxn9DKgCTTMvckIZ9XYZknj
Oh9fl+Z2/TqYU40ZIc0A3fSEbfqYY6EgRXnYryA8Tzy4wmW3tcVdLWgg08sb6Zqb
/oikovYAOEDQEvaz7N6oa/ELpS4mgA8J05f+e4s2xe1EtnEEGaYmfBAX0v6HsPU9
vsT+u25cnC49EAbUOJx85VT/7xN0GLUnkxbebHtLbqw/gEcbnvC1CuY1/VfyiNUr
khFFqw/VRoh7edv0pZkgCowx2wZoiWdsv/FM6646VGgMMw3DH3LGFo49hANjcuRG
lYWxITV7U0DlzAjkxmgsPEiqsf42uEZsoFw6NgRzlEJTP7rz+Jd9L5A0ME6hISTg
EHZahtPq4bo8mcj9hybpg1O8dS0K8qin58OTOWKGXykgUQi6nTh9Go4vezOuAjpJ
4nOhTABCv1c4lYno5cbm
=uFFe
-----END PGP SIGNATURE-----


More information about the Linux mailing list