Security Advisory: Shellshock Bash

Description:

The Shellshock vulnerability exposes a flaw in the Unix Bash shell. This leaves UNIX based operating systems such as Linux, OSX or Bash containing systems like some routers, Apache, CGI websites, firewalls, web connected servers and many other operating systems, based on UNIX vulnerable to running deep level commands after the vulnerability is exploited.

This means that someone who isn’t already logged on to your computer might be able to trick Bash into running a program that it wasn’t supposed to.

Officially, the bug is documented as CVE-2014-6271, CVE-2014-6277, CVE-2014-6278, CVE-2014-7169, CVE-2014-7186 & CVE-2014-7187

Impact:

The ShellShock vulnerability affects GNU Bash that could allow an unauthenticated remote attacker to inject arbitrary commands on a targeted system

How the attack works?

The bug is found in Bash’s parsing code, in the way that Bash parses environment variables during its initialization sequence. Anything that can manipulate the environment variables has the potential to be a vector for this vulnerability when specific characters are included as part of a variable definition.

If the characters “{ :;};” are included as the function definition, any arbitrary code that is inserted after that definition is processed. This isn’t supposed to happen.

Check for Shellshock Vulnerability:

  1. To verify whether a site is vulnerable to Shellshock, checkout open the “Terminal” and enter the command <env x='() { :;}; echo Shellshock’ bash -c “Exploit”>
  2. If the system is vulnerable it would display: Shellshock Exploit

Mitigation:

  • Obtain the latest patches from the vendor and patch the Bash to the latest version. Linux users can simply run ‘apt-get update && apt-get upgrade -y’
  • The string sequence can be added to IDS/IPS, because the malicious data appears in a specific set of places and the string sequence is rarely used elsewhere.

References:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6271

Share this entry

0 Comments

Leave a Comment