How to Fix Bash Shellshock CVE-2014-6271, CVE-2014-7169 on Linux

CVE-2014-6271 is a high-impact, critical vulnerability. If you are running a Linux system, you should fix it.

This CVE-2014-6271 (and CVE-2014-7169) vulnerability is also called Shellshock.

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

Through the bash shell, this vulnerability allows an attacker to execute arbitrary shell commands in your environment. The idea is that an attacker can bypass the environment variable restriction, which allows them to execute shell commands.

Please note that some services (or applications) running on Linux servers might allow unauthenticated attackers to specify some environment variables, which will in turn allow them to exploit this vulnerability over the network without any authentication.

All you have to do to fix this is to upgrade your bash to the latest version. For example, on RedHat or CentOS, do the following to fix this issue:

yum update bash

Is your System Vulnerable to CVE-2014-6271?

RedHat has provided the following script to test whether your system is vulnerable or not.

If you see the word "vulnerable" in the output, then your system is vulnerable.

env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"

Please note that you might also see some error messages along with the word "vulnerable" in the output. For example, the following is the output on a RedHat 5 and RedHat 6 (and CentOS 5 and 6) system that is vulnerable.

# env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
vulnerable
bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable'
bash: error importing function definition for `BASH_FUNC_x'
test

Bash Version Before the Fix

Before fixing the issue, check your current bash version. On RedHat 5 (and CentOS 5), I had the following bash version before the fix:

# rpm -qa | grep bash
bash-3.2-24.el5

On RedHat 6 (and CentOS 6), I had the following bash version before the fix:

# rpm -qa | grep bash
bash-4.1.2-3.el6.x86_64

Fix the CVE-2014-6271

Now, update bash using yum (or the package management utility appropriate for your distribution):

yum update bash

On RedHat 5 (and CentOS 5), the following is the bash version after the update, which fixed the vulnerability.

# rpm -qa | grep bash
bash-3.2-33.el5_11.4

On RedHat 6 (and CentOS 6), the following is the bash version after the update, which fixed the vulnerability.

# rpm -qa | grep bash
bash-4.1.2-15.el6_5.2.x86_64

Test the CVE-2014-6271 Vulnerability after the fix

After bash is upgraded to the latest version, you'll no longer see the word "vulnerable" in the output when you execute the test. Please note that the warning and the error message shown below are OK.

# env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `BASH_FUNC_x'
test

What about CVE-2014-7169?

After the initial fix was released, RedHat found out that the CVE-2014-6271 fix was incomplete, and bash still allowed a few characters that can be put in the environment variable under some special circumstances.

When you ran yum update bash in the previous step, it automatically installed the latest version of bash, which also includes the fix for CVE-2014-7169. So, you really don't have to do anything specific for this fix.

However, you can still test to make sure your system is not vulnerable to this issue by executing the following on your system:

cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo

On a system that is vulnerable to CVE-2014-7169, the command above creates the file /tmp/echo and then displays the content of the file.

If you see the following output, you should update your bash to the latest version using "yum update bash" (or use the appropriate package management utility for your distro).

# cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
Fri Sep 26 16:15:09 PDT 2014

If your system is not vulnerable to CVE-2014-7169, you'll see the following output, and the /tmp/echo file will not be created.

# cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
date
cat: /tmp/echo: No such file or directory
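
The two tests above (CVE-2014-6271 and CVE-2014-7169) can be wrapped in a small POSIX shell script that reports a verdict instead of leaving you to read the output by eye. This is an added example, not RedHat's script or part of the original post; the function names are made up for illustration. It counts only a stdout line that is exactly "vulnerable", because bash error messages can quote the test string, and it runs the second test in a scratch directory rather than /tmp.

```sh
#!/bin/sh
# Added example: function names are hypothetical; the test strings are the
# ones shown on this page. Pass a bash name on PATH or an absolute path.

# The CVE-2014-6271 test string ran only if stdout has a line that is exactly
# "vulnerable"; error text that merely quotes the string does not count.
classify_6271() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    else
        echo patched
    fi
}

check_6271() (
    bash_bin=${1:-bash}
    command -v "$bash_bin" >/dev/null 2>&1 || { echo not-found; exit 0; }
    out=$(env 'x=() { :;}; echo vulnerable' \
              'BASH_FUNC_x()=() { :;}; echo vulnerable' \
              "$bash_bin" -c 'echo test' 2>/dev/null) || true
    classify_6271 "$out"
)

# CVE-2014-7169: a vulnerable bash creates a file named "echo" in the current
# directory, so run the test in a scratch directory and look for it there.
check_7169() (
    bash_bin=${1:-bash}
    command -v "$bash_bin" >/dev/null 2>&1 || { echo not-found; exit 0; }
    dir=$(mktemp -d) || exit 2
    cd "$dir" || exit 2
    env 'x=() { (a)=>\' "$bash_bin" -c 'echo date' >/dev/null 2>&1 || true
    if [ -e "$dir/echo" ]; then result=vulnerable; else result=patched; fi
    cd / && rm -rf "$dir"
    echo "$result"
)

printf 'CVE-2014-6271: %s\n' "$(check_6271 "${1:-bash}")"
printf 'CVE-2014-7169: %s\n' "$(check_7169 "${1:-bash}")"
```

Each function body runs in a subshell, so the directory change and the variables do not leak into the calling shell.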


--
Thank You.

Regards,
Guru




