Loading ...
close

Would you like to discuss your environment with a knowledgable engineer?

Preferred communication *

Thank you. We will be in touch with you shortly

aiScaler and the Bash Shellshock vulnerability

Posted by on September 26th, 2014

On Wednesday, September 24th 2014, a critical Bash vulnerability known as CVE-2014-6271, CVE-2014-7169 and Shellshock has been discovered, which allows attackers to execute arbitrary code. The prerequisite is having an access to Bash. You can read more about the vulnerability in the original article: https://access.redhat.com/articles/1200223

Updating Bash

sudo apt-get update
sudo apt-get install bash

If you have updated Bash on September 25th, we recommend you to repeat the process, because the initial patch was incomplete. We also recommend to restart the server after the update.

Am I vulnerable?

rm -f echo && env -i X='() { (a)=>\' bash -c 'echo id'; cat echo

If you are vulnerable you will get

bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
uid=0(root) gid=0(root) groups=0(root)

If you are not vulnerable you will get

bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
id
cat: echo: No such file or directory

 

Leave Comment

US 1 (408) 744-6078   EU +44 20 7993 4587