How To Fix Shellshock Vulnerability [Explained]

In this article we will demonstrate to check for Shellshock Bash Vulnerability and how to fix shellshock bash vulnerability in various Linux Operating system, for example, Debian based Ubuntu, Linux Mint and Red Hat Based CentOS, Fedora distributions.

Shellshock Vulnerability

 

The GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). Bash is the default shell for Red Hat Enterprise Linux. Red Hat (and rest of the open source community) would like to thank Stephane Chazelas for reporting this issue.

All bash users are advised to upgrade to these updated packages, which contain a back-ported patch to correct this issue.

 

The Shellshock vulnerability can be exploited on systems that are running Services or applications that allow unauthorized remote users to assign Bash environment variables. Examples of exploitable systems include the following:

  1. Apache HTTP Servers that use CGI scripts (via mod_cgi and mod_cgid) that are written in Bash or launch to Bash sub-shells
  2. Certain DHCP clients
  3. Open SSH servers that use the ForceCommand capability
  4. Various network-exposed services that use Bash

For additional information on the CVE-2014-6271 and CVE-2014-7169. flaw, refer to the Knowledge base article at :  https://access.redhat.com/articles/1200223

How to check for Shellshock  Vulnerability?

On each of your systems that run Bash, you may check for Shellshock vulnerability by running the following command at the bash prompt:

env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash is not vulnerable"

If you see output that looks like Bash is not vulnerable, your version of Bash is safe:

Sample output

[email protected] [~]# env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash is not vulnerable"
Bash is not vulnerable

If you see Bash is vulnerable! as is some part of your output, you MUUST update your Bash. It means a remote attacker could inject malicious code, following a function definition within an environment variable assignment.

Test website for Shellshock Bash Vulnerability

Following 3 sites are useful when you want to test a site for Shellshock Bash Vulnerability

  1. http://www.shellshocktest.com/
  2. http://shellshock.brandonpotter.com/
  3. http://bashsmash.ccsir.org/

How To Fix Shellshock Bash Vulnerability by updating Bash

The easiest way to fix the vulnerability is to use your default package manager to update the version of Bash.

Note: At the time of writing, only an “incomplete fix” for the vulnerability has been released. As such, it is recommended to update your machines that run Bash immediately, and check back for updates and a complete fix.

aptitude / apt-get: Debian based distro (i.e. Ubuntu, Linux Mint, Kali etc.)

Update Bash to the latest version available via apt-get

sudo apt-get update && sudo apt-get install --only-upgrade bash
(or)
apt-get update && sudo apt-get install --only-upgrade bash

Now run check your system vulnerability again by running the command in the previous section.

yum: Red Hat based distro (i.e. Fedora, CentOS etc.)

Update Bash to the latest version available via the yum

sudo yum update bash
(or)
yum update bash

Now run the tests using those 3 websites again.

Links & Resources

Ubuntu now has the latest version of Bash sent out to their repositories. More info here:

http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7169.html

Dhruval Patel

Entrepreneur | Kind | Made Love With INDIA | White Hat Hacker .







Get more stuff like this
in your inbox

subscribe mailing list for Free Stuffs