Linux/Unix 'Bash Shell' security hole found (Patch Reminder)

NxCmp

SECURITY THREAT

If you are running or have "bash" installed on any of your systems/devices that use versions between 1.14 to 3.4 you are vulnerable. This is a very large threat. It allows the attacker to execute code and commands on the target system. To check your version, run "bash --version" in the command line. If you fall into that version range, please update your package manager and update/patch immediately.

To test if you are at risk run:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the console prints:

vulnerable
this is a test

You are not protected. Once patched you should see:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Best of luck everyone!

Link: https://isc.sans.edu/foru...mins+time+to+patch+/18703
Link: http://www.zdnet.com/unix...ux-bash-...ed-7000034021/

Thank you.

 
SECURITY THREAT UPDATE

A second way to exploit this problem has been found and there is NO FIX yet at the time of this post.

To test to see if the second method still affects you, you can run:

env -i X='() { (a)=>\' bash -c 'echo date'; cat echo

You will still receive an error but it will create a file in the current directory you are in called "echo". If you find the Date/Time printed in this file you are still vulnerable to the second method of attack.

Now keep in mind that since this type of threat is really only meant for servers that offer services online, patching the second method is not 100% vital. While you should still patch the first method for any system and the fact a fix is being created for the second, you should still treat this threat with care and should still fully patch all your systems with bash regardless.

Some of the known attack vectors are:

- cgi-bin
- ssh
- DHCP

Thanks
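
Both tests from the posts above wrapped in one script, as an added example that is not part of the original thread. The function names and verdict strings are assumptions; the second test runs in a scratch directory so the "echo" file is never left in your working directory.

```sh
#!/bin/sh
# Added example: runs the two tests from the posts above and reports a verdict.
# Function names and verdict strings are assumptions made for this sketch.

BASH_BIN=$(command -v bash || true)

# Verdict for the first test, given its combined stdout/stderr as $1.
classify_first() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo "vulnerable"
    else
        echo "not-vulnerable"
    fi
}

# First test: the command from the original post, output captured.
check_first() {
    [ -n "$BASH_BIN" ] || { echo "no-bash"; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$BASH_BIN" -c "echo this is a test" 2>&1 || true)
    classify_first "$out"
}

# Second test: run in a scratch directory so the "echo" file the post
# describes never lands in the working directory, then look for it.
check_second() {
    [ -n "$BASH_BIN" ] || { echo "no-bash"; return 0; }
    tmp=$(mktemp -d) || { echo "error"; return 0; }
    (
        cd "$tmp" || exit 0
        env -i X='() { (a)=>\' "$BASH_BIN" -c 'echo date' >/dev/null 2>&1 || true
        if [ -s echo ]; then echo "vulnerable"; else echo "not-vulnerable"; fi
    )
    rm -rf "$tmp"
}

echo "bash binary:   ${BASH_BIN:-not found}"
echo "first method:  $(check_first)"
echo "second method: $(check_second)"
```

Run it again after each package update; both lines should read "not-vulnerable" once the patches for both methods are installed.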

 
SECURITY THREAT UPDATE 2

A patch was released for the second exploit method. Please run your package managers and update bash again.

Thanks

 
Ha, joke's on you. I use Windows.
The majority of systems that can be targeted are servers, not desktops, while it's still good to patch desktops anyway. Plus this is a "bug", not a malicious piece of software like a virus, trojan, rootkit, etc. There is a difference.

 