Vulnerability – System compromise in bash
Information security experts have warned of a new vulnerability, ShellShock (CVE-2014-6271), whose exploitation allows the execution of arbitrary code. The vulnerability affects not only Internet servers and workstations, but also the devices that we use in everyday life – smartphones, tablets, home routers, and laptops. According to some estimates, the new vulnerability may be bigger than the sensational Heartbleed earlier this year.
Danger level: High
Fix available: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV:N/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C) = Base: 10 / Temporal: 7.4
CVE ID: CVE-2014-6271
Attack vector: Remote
Impact: System Compromise
Affected versions: bash versions prior to 4.3
Description:
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused by an error in processing input data while parsing code. This can be exploited to execute arbitrary commands on the target system.
Bash and the OS maintain a list of environment variables that describe the current user, the paths to applications on the hard drive and other features. By creating an environment variable with a particular structure, an attacker could execute arbitrary code on the victim’s PC the next time bash is run.
Such an environment variable can be created in the following ways:
· By establishing a remote connection via SSH and attempting to log on. By choosing a specific username or hostname, an environment variable containing specific data can be created;
· By forcing the user to create the environment variable themselves;
· By forcing certain programs to set the desired value of the environment variable.
Having set their own environment variable, attackers will be able to execute arbitrary code on the user’s device the next time bash is started. The situation can become even more dangerous when sudo -s is used to execute bash with root privileges.
Note that some programs use bash to carry out their own operations. Even if the user does not use bash directly, their PC may already be vulnerable.
Checking
env x='() { :;}; echo vulnerable' bash -c 'echo hello'
If the system is protected, bash returns the following message:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello
If the user’s system is vulnerable, bash returns the following message:
vulnerable
hello
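The check above can be wrapped so that it returns a single verdict per bash binary and also lists environment variables that carry the function-definition structure described earlier. This script is an added example, not part of the original advisory; the function names classify_check_output, check_bash and find_function_like_vars are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): audit helpers built around the
# advisory's check string for CVE-2014-6271.

# Classify the text printed by the advisory's check command.
# Prints one word: vulnerable | patched | unknown
classify_check_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable      # the trailing "echo vulnerable" was executed
    elif printf '%s\n' "$1" | grep -qx 'hello'; then
        echo patched         # only the intended command ran
    else
        echo unknown         # binary missing or unexpected output
    fi
}

# Run the advisory's check against one bash binary (default: bash in PATH).
check_bash() {
    bin=${1:-bash}
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo hello' 2>&1) || true
    classify_check_output "$out"
}

# Read NAME=value lines (the format printed by `env`) on stdin and print the
# names of variables whose value starts with a function definition "() {".
# Patched bash exports its own functions under BASH_FUNC_ names; those are
# skipped so that only ordinary variables are reported.
find_function_like_vars() {
    sed -n -e '/^BASH_FUNC_/d' -e 's/^\([^=]*\)=() {.*/\1/p'
}

# Report for the local machine.
echo "bash: $(check_bash bash)"
env | find_function_like_vars | sed 's/^/function-like variable: /'
```

Pass a path to check_bash (for example check_bash /usr/local/bin/bash) to test a binary other than the one first in PATH.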
Correction
The developers have released an urgent correction for this vulnerability. All users of the Linux operating system (especially Ubuntu and Debian distributions) are advised to download the latest updates for this software.
Solution: Install the latest version 4.3 from the manufacturer.
Link: http://seclists.org/oss-sec/2014/q3/649
Manufacturer URL: http://ftp.gnu.org/pub/gnu/bash/