Get your server issues fixed by our experts for a price starting at just 25 USD/Hour. Click here to register and open a ticket with us now!

Author Topic: ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie  (Read 3035 times)

0 Members and 1 Guest are viewing this topic.

nidhinjo

  • Guest
A new vulnerability affecting Bash (CVE-2014-6271) known as "Shellshock" was been published. The new vulnerability allows attackers to execute arbitrary commands formatting an environmental variable using a specific format. It affects Bash (the Bourne Again SHell), the default command shell for Linux and other UNIX flavors. The vulnerability is critical since it can be exposed on web servers that use mod_cgi or code that calls the bash shell. Other systems that are probably affected are network services and daemons that use shell scripts with environmental variables. This can include network equipment, industrial devices, etc.

Bash or Bourne Again Shell is prone to a remote code execution vulnerability because it does not separate data and code. It is possible to inject code (e.g. crafted User-Agent string) via environment variables.“GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution,” states the description for the Bush Bug flaw on the NIST National Vulnerability Database, which rated its severity as 10 out of 10.

Impacted versions

Most Linux and Unix systems are impacted because bash is installed by default.

Following versions of bash are concerned:
1.14.0
1.14.1
1.14.2
1.14.3
1.14.4
1.14.5
1.14.6
1.14.7
2.0
2.01
2.01.1
2.02
2.02.1
2.03
2.04
2.05
2.05:a
2.05:b
3.0
3.0.16
3.1
3.2
3.2.48
4.0
4.0:rc1
4.1
4.2
4.3

Exploitation vectors

Known vectors are:
   >> the ForceCommand feature in OpenSSH sshd
   >> the mod_cgi and mod_cgid modules in the Apache HTTP Server
   >> scripts executed by unspecified DHCP clients
   >> And other situations in which setting the environment occurs across a privilege boundary from Bash execution.

Check whether a system is vulnerable

>>Output of a vulnerable machine

Code: [Select]
$ env x='() { :;}; echo vulnerable' sh -c "echo this is a test"
vulnerable
this is a test

Code: [Select]
$ env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
Fri Sep 26 12:49:53 CEST 2014

>>Output of a patched machine
Code: [Select]
$ env x='() { :;}; echo vulnerable' sh -c "echo this is a test"
this is a test

Code: [Select]
$ env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
date
cat: echo: Aucun fichier ou dossier de ce type


Soultion

>> Update to the latest version.