ET WEB_SERVER Possible CVE-2014-6271 Attempt in HTTP Cookie

Notice: Monitoring services will be discontinued from March 31st, 2019.

 

A new vulnerability affecting Bash (CVE-2014-6271), known as "Shellshock", has been published. It allows attackers to execute arbitrary commands by setting an environment variable to a specially formatted value. It affects Bash (the Bourne Again SHell), the default command shell for Linux and other UNIX flavors. The vulnerability is critical because it can be exposed on web servers that use mod_cgi or code that calls the bash shell. Other systems that are probably affected are network services and daemons that use shell scripts with environment variables. This can include network equipment, industrial devices, etc.

Bash, the Bourne Again Shell, is prone to a remote code execution vulnerability because it does not separate data and code. It is possible to inject code (e.g. via a crafted User-Agent string) through environment variables. “GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution,” states the description for the Bash Bug flaw on the NIST National Vulnerability Database, which rated its severity as 10 out of 10.


Impacted versions

Most Linux and Unix systems are impacted because bash is installed by default.

The following versions of bash are affected:

1.14.0
1.14.1
1.14.2
1.14.3
1.14.4
1.14.5
1.14.6
1.14.7
2.0
2.01
2.01.1
2.02
2.02.1
2.03
2.04
2.05
2.05:a
2.05:b
3.0
3.0.16
3.1
3.2
3.2.48
4.0
4.0:rc1
4.1
4.2
4.3


Exploitation vectors

Known vectors are:

    the ForceCommand feature in OpenSSH sshd
    the mod_cgi and mod_cgid modules in the Apache HTTP Server
    scripts executed by unspecified DHCP clients
    and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
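
For the mod_cgi vector, where request headers are handed to the script as environment variables, the following Python example flags header values shaped like a function definition. It is an added illustration, not part of the original article and not the signature of the ET rule named in the title. The function names, the sample requests and the host www.example.test are constructed for the example; the marker string is the local test shown on this page.

```python
import re

# Heuristic: a value that starts with "()" followed by "{" is what Bash
# would try to import as a function definition from the environment.
FUNC_PREFIX = re.compile(r"^\(\)\s*\{")

def parse_headers(raw_request):
    """Return (name, value) pairs from the header block of a raw HTTP request."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:            # skip the request line
        if line[:1] in (" ", "\t") and headers:    # folded continuation line
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            headers.append((name.strip(), value.strip()))
    return headers

def cgi_env_name(header_name):
    """Name of the CGI meta-variable that carries this header (RFC 3875)."""
    name = header_name.upper().replace("-", "_")
    # Content-Type and Content-Length are passed without the HTTP_ prefix.
    return name if name in ("CONTENT_TYPE", "CONTENT_LENGTH") else "HTTP_" + name

def flag_request(raw_request):
    """Return [(header, env_var, value)] for values shaped like a function definition."""
    return [(name, cgi_env_name(name), value)
            for name, value in parse_headers(raw_request)
            if FUNC_PREFIX.match(value)]

# Constructed sample requests; PROBE is the harmless local test from this page.
PROBE = "() { :;}; echo vulnerable"
SAMPLES = {
    "benign": "GET /cgi-bin/status HTTP/1.1\r\nHost: www.example.test\r\n"
              "Cookie: session=abc123; theme=dark\r\n\r\n",
    "cookie": "GET /cgi-bin/status HTTP/1.1\r\nHost: www.example.test\r\n"
              "Cookie: " + PROBE + "\r\n\r\n",
    "agent":  "GET /cgi-bin/status HTTP/1.1\r\nHost: www.example.test\r\n"
              "User-Agent: " + PROBE + "\r\nCookie: session=abc123\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        for header, env_var, value in flag_request(request):
            print(f"{label}: {header} -> {env_var} = {value!r}")
```

Every header is checked, not only Cookie, because each one reaches the CGI script as its own environment variable.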




Check whether a system is vulnerable

>>Output of a vulnerable machine

$ env x='() { :;}; echo vulnerable' sh -c "echo this is a test"
vulnerable
this is a test


$ env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
Fri Sep 26 12:49:53 CEST 2014


>>Output of a patched machine

$ env x='() { :;}; echo vulnerable' sh -c "echo this is a test"
this is a test


$ env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
date
cat: echo: Aucun fichier ou dossier de ce type


Solution

>> Update to the latest version.
