[ALUG] Critical bug in bash: remote code execution

Christopher Glass tribaal at gmail.com
Thu Sep 25 17:40:23 EAT 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

It is advised that you update your systems IMMEDIATELY as this is already
being exploited in the wild.
Most Linux distributions already have patched versions in their repositories.

Note: this bug affects OS X as well. If you have OS X machines, you'll need
to recompile bash with the patch and reinstall it.

-- Chris


On Thu, Sep 25, 2014 at 5:33 PM, Andreas Tauscher via Linux
<linux at lists.habari.co.tz> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> A critical bug [1] allows execution of arbitrary code. All an attacker
> has to do is set a special environment variable.
> All major distributions have already released updates.
>
> To take advantage of the bug, access to bash is needed. For example, if
> ssh access is limited, these limitations can be bypassed.
> Also, webservers using bash scripts as CGI are vulnerable.
>
> From the Red Hat blog [2], here is a short script to test whether your
> version of bash is vulnerable:
> env x='() { :;}; echo OOPS' bash -c /bin/true
>
> How does this work:
> The attacker defines a function within the variable x. OK, nothing
> serious. But bash does not stop parsing code after this definition.
>
> On a vulnerable bash you will get the output OOPS.
> A fixed bash will quit with an error:
> bash: warning: x: ignoring function definition attempt
> bash: error importing function definition for `x'
>
> Andreas
>
> [1] https://access.redhat.com/security/cve/CVE-2014-6271
> [2]
> http://community.redhat.com/blog/2014/09/critical-bash-security-vulnerability-update-your-systems-today/
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (GNU/Linux)
> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
>
> iQIcBAEBAgAGBQJUJCelAAoJEEeUknxlyOoQ0FYP/2ReLuksNM6bo4tpacxxN4P6
> RYCsJfF2GVQFhMyrP8cCqh+m1jSYO2aCaTMtk4GU5oKI187X878suA9/7YoOW1mm
> nw21vYZYF9mRNzF8zmTfwZ4+7ofRi8H1NlfcC7HQNWjeUr8g1oDdICFGYGg9OUFA
> W4JzBHYvLyPzLoAcKHBj6DcBC18h/SBGdUGESx6Iz20+zkCOXbcGyCqBg1d3ifOM
> fe/GIRM0K7ZsDa+ZPlUQE5Qyfq2UrCE9k+QFx6xc3nxn9DKgCTTMvckIZ9XYZknj
> Oh9fl+Z2/TqYU40ZIc0A3fSEbfqYY6EgRXnYryA8Tzy4wmW3tcVdLWgg08sb6Zqb
> /oikovYAOEDQEvaz7N6oa/ELpS4mgA8J05f+e4s2xe1EtnEEGaYmfBAX0v6HsPU9
> vsT+u25cnC49EAbUOJx85VT/7xN0GLUnkxbebHtLbqw/gEcbnvC1CuY1/VfyiNUr
> khFFqw/VRoh7edv0pZkgCowx2wZoiWdsv/FM6646VGgMMw3DH3LGFo49hANjcuRG
> lYWxITV7U0DlzAjkxmgsPEiqsf42uEZsoFw6NgRzlEJTP7rz+Jd9L5A0ME6hISTg
> EHZahtPq4bo8mcj9hybpg1O8dS0K8qin58OTOWKGXykgUQi6nTh9Go4vezOuAjpJ
> 4nOhTABCv1c4lYno5cbm
> =uFFe
> -----END PGP SIGNATURE-----
> _______________________________________________
> The Arusha Linux User Group: http://unix.or.tz
> Linux mailing list
> Linux at lists.habari.co.tz
> http://lists.habari.co.tz/cgi-bin/mailman/listinfo/linux
>
> The Arusha LUG mailing list is generously hosted by Habari Node Ltd: http://www.habari.co.tz/
>
> The above comments and data are owned by whoever posted them (including attachments if any). The mailing list host is not responsible for them in any way.
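Added example (not part of either list post): a small POSIX sh script that wraps the Red Hat probe quoted above into a check you can run across your own hosts, and a second function that counts access-log lines carrying the `() {` function-definition prefix that a CGI-fronted bash would have imported from a request header. The log lines are constructed for this example; the function names `shellshock_check` and `shellshock_log_hits` are this example's own.

```shell
#!/bin/sh
# Added example; not from the Arusha LUG thread or from Red Hat.

# shellshock_check [bash-binary]
# Exit status: 0 = patched (trailing code after the function body is ignored),
#              1 = vulnerable (the trailing "echo OOPS" was executed),
#              2 = binary not found, so nothing could be tested.
shellshock_check() {
    bin="${1:-bash}"
    command -v "$bin" >/dev/null 2>&1 || return 2
    # Same probe as the Red Hat blog: a function definition in an environment
    # variable, followed by extra code that a fixed bash must not run.
    out="$(env x='() { :;}; echo OOPS' "$bin" -c /bin/true 2>/dev/null)" || out=""
    if [ "$out" = "OOPS" ]; then
        return 1
    fi
    return 0
}

# Constructed access-log sample: the second line shows the probe string
# arriving in the User-Agent field, which a CGI server exports to bash as
# the HTTP_USER_AGENT environment variable.
SAMPLE_LOG='10.0.0.5 - - [25/Sep/2014:17:40:23 +0300] "GET /cgi-bin/status.sh HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [25/Sep/2014:17:41:02 +0300] "GET /cgi-bin/status.sh HTTP/1.1" 200 17 "-" "() { :;}; echo OOPS"
10.0.0.9 - - [25/Sep/2014:17:41:05 +0300] "GET /index.html HTTP/1.1" 200 2048 "-" "curl/7.37.0"'

# shellshock_log_hits
# Prints the number of sample-log lines containing the literal "() {" prefix.
# grep -F matches the fixed string; "|| true" keeps a zero count from aborting
# a script running under "set -e".
shellshock_log_hits() {
    printf '%s\n' "$SAMPLE_LOG" | grep -Fc '() {' || true
}

# Stand-alone run: report the local bash and the log scan.
if shellshock_check; then
    echo "bash: patched"
else
    case $? in
        1) echo "bash: VULNERABLE, update now" ;;
        2) echo "bash: not installed" ;;
    esac
fi
echo "log lines with function-definition prefix: $(shellshock_log_hits)"
```

The probe is the same one-liner quoted from the Red Hat blog; the script only adds an exit status so it can be looped over a host list, and the log scan gives an incident responder a first pass over CGI traffic while patches roll out.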

