After the widely publicized 'Heartbleed' bug, another critical bug has hit the internet, affecting almost all systems, servers, OS X Macs, and PCs. This critical, remotely exploitable vulnerability has been discovered in the widely used Linux and Unix command-line shell known as Bash, also called the GNU Bourne Again Shell.
The bug was discovered by Stephane Chazelas, a Unix and Linux network and telecom administrator at Akamai. The flaw allows an attacker to remotely attach a malicious executable to a variable that is executed when Bash is invoked.
In the blog post, the researcher explained all the technical details of the bug which affects most Linux distributions and servers worldwide.
The Bash bug is tracked as CVE-2014-6271 and affects versions 1.14 to 4.3 of GNU Bash. In the blog post, researchers explained that an attacker could exploit this bug to execute shell commands remotely on a target machine using specially crafted variables.
“It’s super simple and every version of Bash is vulnerable,” said Josh Bressers, manager of Red Hat product security. “It’s extremely serious, but you need very specific conditions in the place where a remote user would be able to set that environment variable. Thankfully, it’s not common.”
Bressers Explaining the Bug
The vulnerability allows an attacker to create environment variables that include malicious code before the system calls the Bash shell. These variables can contain code, which gets executed as soon as the shell is invoked.
Some of the more critical instances where the vulnerability may be exposed are on Apache servers, for example those using mod_cgi or mod_cgid, if the CGI scripts they run are written in Bash. The vulnerability can also be used to bypass ForceCommand in sshd configs, Bressers said. ForceCommand is supposed to limit remote code execution, but exploiting this vulnerability sidesteps that protection. Some Git deployments over SSH would be affected here.
Check for Vulnerability
If you are a Linux or Unix user, or a server admin running a server on a Linux machine, we strongly recommend that you check your system for the vulnerability. To do so, run the following commands in your Linux shell:
- env X="() { :;} ; echo vulnerable" /bin/sh -c "echo completed"
- env X="() { :;} ; echo vulnerable" `which bash` -c "echo completed"
If you get the word 'vulnerable' in the output, then you are at risk (vulnerable).
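The two checks above can be wrapped in a small script that probes any number of shell binaries and reports a verdict for each. This is an added example, not part of the original article; the function names probe_shell, classify_output and audit_shells are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the article): audit shells for CVE-2014-6271.
# Function names are hypothetical; the probe string is the article's own.

# Start the shell at path $1 with the crafted variable X in its environment
# and print what it writes to stdout (stderr is discarded).
probe_shell() {
    env X='() { :;} ; echo vulnerable' "$1" -c 'echo completed' 2>/dev/null
}

# Map probe output to a verdict. A vulnerable Bash runs the trailing
# "echo vulnerable" while importing X, before it runs the -c command.
classify_output() {
    case "$1" in
        *vulnerable*) echo vulnerable ;;
        *completed*)  echo not-vulnerable ;;
        *)            echo inconclusive ;;   # shell did not run the command
    esac
}

# Print "<path><TAB><verdict>" for each path; return 1 if any is vulnerable.
audit_shells() {
    _rc=0
    for _sh in "$@"; do
        if [ ! -x "$_sh" ]; then
            printf '%s\t%s\n' "$_sh" missing
            continue
        fi
        _verdict=$(classify_output "$(probe_shell "$_sh")")
        printf '%s\t%s\n' "$_sh" "$_verdict"
        if [ "$_verdict" = vulnerable ]; then _rc=1; fi
    done
    return "$_rc"
}

# Run the audit when shell paths are given on the command line.
if [ "$#" -gt 0 ]; then
    audit_shells "$@"
fi
```

Saved under a name of your choice and run with the shell paths as arguments (for example /bin/sh and the path printed by `which bash`), it exits with a non-zero status when at least one listed shell is vulnerable.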