Shellshock (also known as Bashdoor) is a group of security bugs in the Unix Bash shell. Servers running web services, FTP and other services that use bash to execute certain commands allowed attackers to execute arbitrary commands, which may in turn allow them to gain unauthorized access.
Before you fix the vulnerability, you need to know whether the bug affects your version of bash.
CVE-2014-6271
This vulnerability can be tested using the following command.
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If your system is affected, the word "vulnerable" will be displayed as part of the output.
CVE-2014-7169
This can be tested using the following command.
cd /tmp; env X='() { (a)=>\' bash -c "echo date"; cat echo
If the above command outputs the current date, you are vulnerable. If it shows the word "date", then you are fine.
You can also test it with the following command.
env -i X=' () { }; echo hello' bash -c 'date'
If the command outputs "hello", you are vulnerable.
CVE-2014-7187
Test the vulnerability with the following command.
(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno"
If "CVE-2014-7187 vulnerable, word_lineno" appears as part of the output, then you are vulnerable.
CVE-2014-7186
Use the following command to test for the vulnerability.
bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"
If you see "CVE-2014-7186 vulnerable, redir_stack" as part of the output, then your system is vulnerable.
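The four checks above combined into one POSIX sh function, as an added example that is not part of the original post; the function names check_bash, nested_loops and verdict are assumptions made here. The CVE-2014-7169 check runs in a fresh temporary directory, so a file named echo left over from an earlier run cannot produce a false positive.

```shell
#!/bin/sh
# Added example: the page's four checks run against one bash binary.
# Usage after sourcing this file: check_bash /bin/bash
# Prints one line per CVE; returns 0 if every check passes, 1 if any check
# reports VULNERABLE, 2 if the binary cannot be found.

# Emit 200 nested "for" loops without brace expansion, so plain sh can run it.
nested_loops() {
    i=1; while [ "$i" -le 200 ]; do echo "for x$i in ; do :"; i=$((i + 1)); done
    i=1; while [ "$i" -le 200 ]; do echo done; i=$((i + 1)); done
}

verdict() {  # verdict <cve> <yes|no>; sets rc=1 on "yes"
    if [ "$2" = yes ]; then echo "$1: VULNERABLE"; rc=1; else echo "$1: not vulnerable"; fi
}

check_bash() {
    bin=$(command -v "${1:-bash}") || { echo "not found: ${1:-bash}" >&2; return 2; }
    work=$(mktemp -d) || return 2   # fresh directory, so no stale ./echo file
    rc=0

    # CVE-2014-6271: the trailing command runs while the function is imported.
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c "echo this is a test" 2>/dev/null) || true
    case $out in *vulnerable*) hit=yes ;; *) hit=no ;; esac
    verdict CVE-2014-6271 "$hit"

    # CVE-2014-7169: a vulnerable parser writes the date into a file named "echo".
    (cd "$work" && env X='() { (a)=>\' "$bin" -c "echo date" >/dev/null 2>&1) || true
    if [ -e "$work/echo" ]; then hit=yes; else hit=no; fi
    verdict CVE-2014-7169 "$hit"

    # CVE-2014-7187 and CVE-2014-7186: as on the page, any non-zero exit
    # (normally a crash) counts as vulnerable.
    if nested_loops | "$bin" >/dev/null 2>&1; then hit=no; else hit=yes; fi
    verdict CVE-2014-7187 "$hit"
    if "$bin" -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' >/dev/null 2>&1
    then hit=no; else hit=yes; fi
    verdict CVE-2014-7186 "$hit"

    rm -rf "$work"
    return "$rc"
}
```

Pass the path of each bash binary installed on the host, since a patched /bin/bash does not cover a second copy elsewhere on the system.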
Fix
The only fix for the issue is to update bash.
You can find the current version with the following command.
bash --version
If you have CentOS-base.repo enabled, update bash with the following command.
yum update bash