Friday, October 3, 2014

Shellshock Bash Vulnerability

System vulnerable to Shellshock


Which systems are vulnerable? "Apache HTTP Servers that use CGI scripts (via mod_cgi and mod_cgid) that are written in Bash or launch to Bash subshells"

Quick test to see if your system is vulnerable:
env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

Example:
[root@testvm ~]# env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash is vulnerable!
bash: FUNCTION(): line 0: syntax error near unexpected token `)'
bash: FUNCTION(): line 0: `FUNCTION() () { :;}; echo Bash is vulnerable!'
bash: error importing function definition for `FUNCTION'
Bash Test

To test if your web server is vulnerable, you can use the 'ShellShock' Bash Vulnerability Test Tool.
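As an added example that is not part of the original post: the quick test above wrapped in a function so a script can act on its exit status, plus a check for the same "() {" function-definition prefix in web server access logs, which is where the CGI exposure shows up. The log lines are constructed for this example and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the original post). Sample log lines below are
# constructed; the IP addresses come from documentation ranges.

# Returns 0 if bash is patched, 1 if vulnerable, 2 if bash is not installed.
shellshock_check() {
    if ! command -v bash >/dev/null 2>&1; then
        echo "bash not found"
        return 2
    fi
    # Variable x holds a function definition followed by a trailing command.
    # An unpatched bash runs that trailing command while importing the
    # function, so the marker word appears in the output. A patched bash
    # treats x as an ordinary variable and prints nothing.
    out=$(env 'x=() { :;}; echo SHELLSHOCK_MARKER' bash -c ':' 2>/dev/null)
    case "$out" in
        *SHELLSHOCK_MARKER*) echo "vulnerable"; return 1 ;;
        *)                   echo "not vulnerable"; return 0 ;;
    esac
}

# Three constructed Apache combined-format log lines. Two carry the "() {"
# prefix in a request field that mod_cgi exports to the script's environment
# (one in the User-Agent, one in the Referer); the middle one is normal.
SAMPLE_LOG='203.0.113.5 - - [03/Oct/2014:10:12:01 +0000] "GET /cgi-bin/status.sh HTTP/1.1" 200 512 "-" "() { :;}; echo probe"
198.51.100.7 - - [03/Oct/2014:10:12:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.5 - - [03/Oct/2014:10:12:09 +0000] "GET /cgi-bin/status.sh HTTP/1.1" 500 0 "() { :;}; echo probe" "curl/7.37.0"'

# Bash only imports a function from an environment value that starts with
# exactly "() {", so a fixed-string match on that prefix is sufficient.
SHELLSHOCK_PREFIX='() {'

# Prints the number of matching lines. Pass log file paths as arguments,
# or call with no arguments to scan the constructed sample.
count_shellshock_attempts() {
    if [ $# -gt 0 ]; then
        grep -Fc "$SHELLSHOCK_PREFIX" "$@"
    else
        printf '%s\n' "$SAMPLE_LOG" | grep -Fc "$SHELLSHOCK_PREFIX"
    fi
}

shellshock_check || echo "check exited with status $?"
echo "suspicious requests in sample log: $(count_shellshock_attempts)"
```

The local check only exercises bash itself; a CGI script run under another shell that later calls bash is still covered by upgrading the package as described below.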

To secure your system, upgrade the Bash package (patched packages are available for most distributions):
$  ## Debian Based
$ sudo apt-get update && sudo apt-get install --only-upgrade bash

$  ## RedHat Based
$ sudo yum update bash
