You can now find Cyber Kendra on Google News!

New Bash bug could be worse than Heartbleed

bash bug linux vulnerability, bash bug in linux, linux vulnerable, HeartBleed, Bash also called as GNU Bourne Again Shell, Bash Bug Patch, what is Bash Bug, recover from bash bug, Bash attack, hacking Linux from Bash, Linux security,

After a popular bug 'HeartBleed' another critical bug hit the internet which affects almost all the systems, servers, OS X Macs, and PCs. This Critical remotely exploitable vulnerability has been discovered in the widely used Linux and Unix command-line shell, known as Bash also called GNU Bourne Again Shell.

The bug has been discovered by Stephane Chazelas, a Unix and Linux network and telecom administrator at Akamai. The flaw allows an attacker to remotely attach a malicious executable to a variable that is executed when Bash is invoked. 

In the blog post, the researcher explained all the technical details of the bug which affects most Linux distributions and servers worldwide.

The Bash Bug is dubbed CVE-2014-6271 which affects versions 1.14 to 4.3 of GNU Bash. In the blog post, researchers explained that the attacker could exploit this bash bug to execute shell commands remotely on a target machine using specifically crafted variables.

“It’s super simple and every version of Bash is vulnerable,” said Josh Bressers, manager of Red Hat product security. “It’s extremely serious, but you need very specific conditions in the place where a remote user would be able to set that environment variable. Thankfully, it’s not common.”

Bressers Explaining the Bug

The vulnerability allows an attacker to create environment variables that include malicious code before the system calls the Bash shell. These variables can contain code, which gets executed as soon as the shell is invoked. 

Some of the more critical instances where the vulnerability may be exposed are on Apache servers, for example, using mod_cgi or mod_cgid if either of those scripts is written in Bash. The vulnerability can also be used to bypass ForceCommand in sshd configs, Bressers said. ForceCommand is supposed to limit remote code execution, but exploiting this vulnerability sidesteps that protection. Some Git deployments over SSH would be affected here. 

Check for Vulnerability

If you are Linux or Unix user or a server admin, running a server system on a Linux machine then we strongly recommend you to check your system for the vulnerability. To check for the vulnerability run the following command lines in your Linux shell-

  • env X="() { :;} ; echo vulnerable" /bin/sh -c "echo completed"
  • env X="() { :;} ; echo vulnerable" `which bash` -c "echo completed"
If you get the word 'vulnerable' in the output, then you are at risk (vulnerable).

Bash Bug Patch

If your system is vulnerable to Bash Bug, then it is recommended to disable any CGI scripts that call on the shell. Additionally, Major Linux distribution vendors have released the new bash software versions today, So you are highly recommended to upgrade your bash software package as soon as possible.
  • Red Hat Enterprise Linux (versions 4 through 7) and the Fedora distribution
  • CentOS (versions 5 through 7)
  • Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS
  • Debian

Post a Comment