CVE-2014-6271: remote code execution through bash – Critical BASH vulnerability discovered

Critical BASH vulnerability discovered – update BASH on your CentOS Linux server!!!

## Shellshock vulnerability..!!

Summary

>> A critical code execution vulnerability (Remote) affecting bash (Unix shell) has been discovered on September 24, 2014.
>> The vulnerability occurs because bash does not stop after processing the function definition; it continues to parse and execute shell commands following the function definition.
>> You can fix this by updating “BASH” to its latest version by using YUM.

More about the technical details.

It’s really a critical vulnerability for the CentOS bash which allows remote execution. This BASH vulnerability is resolved in the latest version of BASH “bash-4.1.2-15.el6_5.1”, it’s a prompt fix by the CentOS team.

Normally BASH support exporting variables and also functions to other bash instances via the same process environment to the child processes (indirect).

“Current bash versions use an environment variable named by the function name, and a function definition starting with “() {” in the variable value to propagate function definitions through the environment. The vulnerability occurs because bash does not stop after processing the function definition; it continues to parse and execute shell commands following the function definition.

For example, an environment variable setting of

VAR=() { ignored; }; /bin/id

will execute /bin/id when the environment is imported into the bash process. (The process is in a slightly undefined state at this point. The PATH variable may not have been set up yet, and bash could crash after executing /bin/id, but the damage has already happened at this point.)”

How to check this on your CentOS server?

Yes, you can simply find out whether your CentOS’s bash is vulnerable or not. Please do follow the steps pasted below:

1, SSH to server as root.
2, Execute the following command:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If your server is vulnerable, it will display the following:

[[email protected] ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

Solution

If you obtain this message, then please follow the steps given below:

yum clean all && yum update bash

Then check the version of BASH:

[[email protected] ~]# rpm -qa | grep bash
bash-4.1.2-15.el6_5.1.x86_64

Now execute the following command to check if it is fixed:

[[email protected] ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

I also suggest for a server reboot 🙂

If anything more, we will be posting shortly.

Related:
Open SSL Heartbleed vulnerability.

LiteSpeed update released against Shellshock vulnerability.

Arunlal Ashok

Linux Server Administrator. I'm dealing with Linux servers since 2012. I started this blog to share and discuss my ideas with the world. Check My Profile!! in uPwork (oDesk) and let me know if you need any assistance. Thanks!!

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *