In this article we will demonstrate to check for Shellshock Bash Vulnerability and how to fix shellshock bash vulnerability in various Linux Operating system, for example, Debian based Ubuntu, Linux Mint and Red Hat Based CentOS, Fedora distributions.
The GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). Bash is the default shell for Red Hat Enterprise Linux. Red Hat (and rest of the open source community) would like to thank Stephane Chazelas for reporting this issue.
All bash users are advised to upgrade to these updated packages, which contain a back-ported patch to correct this issue.
The Shellshock vulnerability can be exploited on systems that are running Services or applications that allow unauthorized remote users to assign Bash environment variables. Examples of exploitable systems include the following:
- Apache HTTP Servers that use CGI scripts (via
mod_cgiandmod_cgid) that are written in Bash or launch to Bash sub-shells - Certain DHCP clients
- Open SSH servers that use the
ForceCommandcapability - Various network-exposed services that use Bash
For additional information on the CVE-2014-6271 and CVE-2014-7169. flaw, refer to the Knowledge base article at : https://access.redhat.com/articles/1200223
How to check for Shellshock Vulnerability?
On each of your systems that run Bash, you may check for Shellshock vulnerability by running the following command at the bash prompt:
env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash is not vulnerable"
If you see output that looks like Bash is not vulnerable, your version of Bash is safe:
Sample output
root@kali [~]# env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash is not vulnerable"
Bash is not vulnerable
If you see Bash is vulnerable! as is some part of your output, you MUUST update your Bash. It means a remote attacker could inject malicious code, following a function definition within an environment variable assignment.
Test website for Shellshock Bash Vulnerability
Following 3 sites are useful when you want to test a site for Shellshock Bash Vulnerability
How To Fix Shellshock Bash Vulnerability by updating Bash
The easiest way to fix the vulnerability is to use your default package manager to update the version of Bash.
Note: At the time of writing, only an “incomplete fix” for the vulnerability has been released. As such, it is recommended to update your machines that run Bash immediately, and check back for updates and a complete fix.
aptitude / apt-get: Debian based distro (i.e. Ubuntu, Linux Mint, Kali etc.)
Update Bash to the latest version available via apt-get
sudo apt-get update && sudo apt-get install --only-upgrade bash
(or)
apt-get update && sudo apt-get install --only-upgrade bashNow run check your system vulnerability again by running the command in the previous section.
yum: Red Hat based distro (i.e. Fedora, CentOS etc.)
Update Bash to the latest version available via the yum
sudo yum update bash
(or)
yum update bashNow run the tests using those 3 websites again.
Links & Resources
- CVE-2014-6271 (BashMash/Shellshock)
- CVE-2014-7169 (BashMash/Shellshock)
- Patch for CentOS (versions 5 through 7) against BashMash
- Patch for Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS against BashMash
- Patch for Debian against BashMash
- PHP scripts executed with mod_php are not affected even if they spawn subshells.
- DefCamp International Security Conference
- Troy Hunt’s excellent post on check for Shellshock Bash Vulnerability.
Ubuntu now has the latest version of Bash sent out to their repositories. More info here:
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7169.html
Sara Wales
Paula