Notification: A critical vulnerability in bash – September 26, 2014

Posted: September 26, 2014 in Vulnerability News
Tags: ,

bash shellVulnerability – System compromise in bash

Experts on Information Security warned of a new vulnerability ShellShock (CVE-2014-6271), the use of which allows the execution of arbitrary code. The vulnerability affected not only the Internet servers and workstations, but also the devices that we uses in everyday life – smartphones, tablets, home routers, and laptops. According to some estimates, a new vulnerability may be bigger than the sensational Heartbleed earlier this year.

Danger level: High
Availability Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: C / I: C / A: C / E: U / RL: OF / RC: C) = Base: 10 / Temporal: 7.4
CVE ID: CVE-2014-6271

Vector operation: Remote
Impact: System Compromise

Affected versions: bash versions prior to 4.3

Description:

Vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused due to an error when processing the input data during parsing code. This can be exploited to execute arbitrary commands on the target system.

Bash and OS maintain a list of environment variables that describe the current user, the path to applications on the hard drive and other features. Create an environment variable with a particular structure, an attacker could execute arbitrary code on the victim’s PC the next time you run bash.

Create an environment variable as follows:

· To establish a remote connection via SSH and try to log on. If choose a specific username or hostname, you can create an environment variable with the specific data;
· Forcing user to create their own environment variable;
· Forcing certain programs to set the desired value of the environment variable.

Set your own environment variable, hackers will be able to execute arbitrary code on the user’s device when you next start bash. The situation can become even more dangerous when you use sudo -s, to execute bash with root privileges.

Note that some programs uses bash to commit its own operations. Even if the user does not use bash, his PC may already be vulnerable.

Checking

In order to check whether the system is vulnerable, should be run in a terminal command:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If the system is protected by the user, bash returns the following message:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello

If the user’s system is vulnerable, bash returns the following message:

vulnerable
hello

Correction

Developers released the urgent correction for this vulnerability. To All users of the operating system Linux (especially Ubuntu distributions and Debian) are advised to download the latest updates for this software.

Solution: Install the latest version 4.3 from the manufacturer.

Link: http: //seclists.org/oss-sec/2014/q3/649


 

gnuManufacturer URL: URL: http://ftp.gnu.org/pub/gnu/bash/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s