• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
sharadchhetri

sharadchhetri

Tutorials On Linux, Unix & Open Source

  • Home
  • Linux Commands
  • Resources
    • Learn Linux
  • My WordPress plugins

Bash Code Injection Vulnerability via Specially Crafted Environment Variables

September 26, 2014 by Sharad Chhetri

Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271 (aka Shellshock ), CVE-2014-7169). This is one the most vulnerable bug we have seen in Linux at current time. Due to this bug, we are seeing lots of business impact in entire world.

Details of CVE-2014-6271

A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

Details of CVE-2014-7169

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed certain characters to be injected into other environments via specially crafted environment variables. An attacker could potentially use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

How to Diagnose the flaw

Diagnostic command : 1

Use the following command

env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"

If the output of the above command contains a line containing only the word vulnerable you are using a vulnerable version of Bash.

See the below given screenshot
bash-bug-1

Diagnostic command : 2
Run the below command for bash vulnerability check.

env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"

The given below output suggested the system is vulnerable.
bash bug

Diagnostic Command : 3

Run the below command for further diagnosis.

cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>' bash -c "echo date"; cat /tmp/echo

In vulnerable system, date and time information will be output and /tmp/echo file will be created.

Recommended measures to fix bash vulnerability

Although the there is no permanent fix has been declared till the time of writing this post.
It is recommended to update or upgrade to new bash version. All the major distro and crucial repositories has already been updated with bash package with patch for this issue.

In RHEL 5,6,7 /CentOS 5,6,7 / Amazon Linux AMI
Use the below given command

# yum clean all
# yum update bash

OR 

# yum clean all
# yum upgrade bash

In Ubuntu 10.x/12.x/14.x
Use the below given command

sudo apt-get update && sudo apt-get install --upgrade-only bash

OR

sudo apt-get update && sudo apt-get install bash

Recheck with diagnostic command

As we have already written the diagnostic command. After updating/upgrading the bash in servers, re-run the diagnostic command.

We have also run the diagnostic command after updating/upgarding the bash and found below given satisfied result. The outputs are favourable.

Note: Output has been taken from two different servers. Respectively both screenshot belongs to each server.

shellshock

bash-bug-fix-2

How I installed in production server in which internet was not available

I will give some brief idea, how I worked in this case. We have CentOS and RHEL servers in network. Whereas I also use Virtual box for testing. With the help of yum’s downloadonly plugin, I downloaded the updated bash rpm and scp to server. Where I used the rpm -Uvh command to update the bash package in server.

Suggest you to read about How to download RPM by using yum with installing in system

If you are facing issue with downloading the package or updating/upgrading the bash package. Drop your comments, I will be very glad to help you on this regard.

IMPORTANT : SELINUX guru, Dan Walsh blog on “What does SELinux do to contain the the bash exploit?”

Reference :

https://access.redhat.com/security/cve/CVE-2014-7169
https://access.redhat.com/security/cve/CVE-2014-6271
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
http://lists.centos.org/pipermail/centos/2014-September/146099.html

Share this:

  • Twitter
  • Facebook
  • More
  • Print
  • Email
  • LinkedIn
  • Reddit
  • Tumblr
  • Pinterest
  • Pocket
  • Telegram
  • WhatsApp
  • Mastodon

Related posts:

  1. How to set JAVA environment variables in Linux
  2. Send nagios report as pdf file via email
  3. ClamAV-clamd av-scanner FAILED: CODE(0x2286dd0)
  4. Show visitor ip address php code
  5. Find exit status code of last executed command on Linux and Unix
  6. Remove python module installed from source code on Linux
  7. Install Nginx from source code on Ubuntu 14.04 LTS
  8. Set and reset user password by bash script
  9. MySQL backup bash script
  10. Install VirtualBox On Ubuntu 22.04 LTS Desktop (Bash Script)

Filed Under: Linux Tagged With: CVE-2014-6271, CVE-2014-7169, shellshock

Primary Sidebar

Our Social Media Presence

  • Facebook
  • GitHub
  • Twitter

Linux Command

What is Linux Internal And External Command

Linux Basic Commands With Examples For Every Beginner

tr command to convert lines to space , tab and vertical tab

smbpasswd command not found on CentOS 7 and RHEL 7

Solution : semanage command not found

Unix / Linux : How to print duplicate lines from file

More Posts from this Category

You Might Like These Articles!

simplecodesyntax wordpress plugin

SimpleCodeSyntax : My Another WordPress Plugin

Install Nginx

How To Install Nginx On Ubuntu 22.04 LTS

Install Latest Git package in Ubuntu Operating System

How To Always Install Latest Git Package In Ubuntu Operating System

Bash script for installing VirtualBox on Ubuntu 22.04 LTS Desktop

Install VirtualBox On Ubuntu 22.04 LTS Desktop (Bash Script)

libfuse

dlopen(): error loading libfuse.so.2 – Got Error On Ubuntu

Failed to open/create the internal network

VirtualBox Error: Failed to open/create the internal network

Always Useful Tips And Tricks

Set GRUB password after installation of CentOS/Red Hat

How to protect from port scanning and smurf attack in Linux Server by iptables

set and unset line number in file with vi editor

configure: error: C++ compiler cannot create executables

How to increase Password Expire date without resetting the password

Password prompt in single user mode is not secure : CentOS/Red Hat

Forward all incoming emails to other SMTP server or gateway

Explore 90+ Article On "Linux Tips And Tricks"

Copyright © 2023 ยท
The material in this site cannot be republished either online or offline, without our permission.
Proudly Blogging From Bharat.

  • Contact
  • About Me
  • My WordPress plugins
  • Privacy Policy