Critical bash vulnerability discovered: update bash on your CentOS Linux server!
## Shellshock vulnerability
Summary
>> A critical remote code execution vulnerability in bash (the GNU Bourne-Again Shell), known as Shellshock (CVE-2014-6271), was disclosed on September 24, 2014.
>> The vulnerability occurs because bash does not stop after processing a function definition imported from the environment; it continues to parse and execute any shell commands that follow the function definition.
>> Fix it by updating the bash package with yum.
Technical details
This is a critical issue for bash on CentOS: it is remotely exploitable wherever a network-facing service places untrusted input into the environment of a bash child process. CentOS shipped a prompt fix; on CentOS 6 the patched package is bash-4.1.2-15.el6_5.1. That package addresses the originally reported bug (CVE-2014-6271). Further bash updates for related parser issues (CVE-2014-7169 and others) followed within days, so always install the newest bash package rather than pinning to this version.
Bash normally supports exporting not only variables but also shell functions to child bash processes, indirectly, through the process environment. The vulnerability is in how the child bash imports those function definitions. The advisory text describes it as follows:
“Current bash versions use an environment variable named by the function name, and a function definition starting with “() {” in the variable value to propagate function definitions through the environment. The vulnerability occurs because bash does not stop after processing the function definition; it continues to parse and execute shell commands following the function definition.
For example, an environment variable setting of
VAR=() { ignored; }; /bin/id
will execute /bin/id when the environment is imported into the bash process. (The process is in a slightly undefined state at this point. The PATH variable may not have been set up yet, and bash could crash after executing /bin/id, but the damage has already happened at this point.)”
How to check this on your CentOS server
You can easily find out whether your CentOS server's bash is vulnerable. Follow the steps below:
1. SSH to the server.
2. Run the following command (it does not need root; the test only affects the bash process it starts):
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If your server is vulnerable, the injected command runs while bash imports the environment, so "vulnerable" is printed before the command you actually asked for:
[root@testvps ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
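As an added example (not from the original post), the script below shows the feature Shellshock abuses, bash's export of shell functions through the environment, alongside the check from step 2 wrapped in a function that returns "vulnerable" or "patched" instead of relying on eyeballing the output. The function names (demo_function_export, shellshock_check) are my own; everything runs offline against the bash installed on the machine.

```sh
#!/bin/sh
# Added example, not code from the original post.
# Demonstrates the function-export mechanism Shellshock abuses and wraps the
# page's env check in a function with a clear verdict.

# 1. Legitimate use of the feature: a function defined in a parent bash is
#    exported with 'export -f' and becomes callable in a child bash, carried
#    across through the process environment. The whole thing runs inside an
#    explicit bash so this also works when the script itself is run by sh.
demo_function_export() {
    bash -c 'greet() { echo "hello from exported function"; }; export -f greet; bash -c greet'
}

# 2. Shellshock check. The value '() { :;}; echo vulnerable' looks like a
#    function definition with a trailing command. A vulnerable bash executes
#    "echo vulnerable" while importing the environment, i.e. before the -c
#    command runs, so the word shows up on stdout. A patched bash prints only
#    the -c command's output and sends its "ignoring function definition"
#    warning to stderr, which is discarded here.
shellshock_check() {
    out=$(env x='() { :;}; echo vulnerable' bash -c 'echo this is a test' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo "vulnerable" ;;
        *)            echo "patched" ;;
    esac
}

# Usage when run directly:
printf 'function export demo : %s\n' "$(demo_function_export)"
printf 'shellshock check     : %s\n' "$(shellshock_check)"
```

The check only covers the original CVE-2014-6271 parser bug, exactly like the one-liner in step 2; after updating, run `yum update bash` again whenever new bash packages appear, since follow-up fixes were released separately.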
Solution
If you see "vulnerable" in the output, update bash as root:
yum clean all && yum update bash
Then check the installed version of bash:
[root@testvps ~]# rpm -qa | grep bash
bash-4.1.2-15.el6_5.1.x86_64
Now run the check again to confirm the fix. The patched bash refuses to import the trailing command, prints a warning to stderr, and runs only the command you gave it:
[root@testvps ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
I also suggest a server reboot 🙂. At minimum, restart any long-running processes that were started under the old bash, since a shell that is already running keeps the vulnerable code in memory.
We will post any further updates shortly.
Related:
OpenSSL Heartbleed vulnerability.