Network Security Blogs

Internet and Computer Security Advisories and Updates

ShellShock Target Bash Vulnerability on Server


On September 24, 2014, a GNU Bash vulnerability, referred to as Shellshock or the "Bash Bug", was disclosed.

What Is ShellShock?

Shellshock is a 25-year-old but newly discovered flaw in software that runs on many Linux and Apple Mac computers.



High Severity Compared to HeartBleed

The US government has rated the security flaw 10/10 for severity, and given it a complexity rating of 'low' - meaning it's very easy to exploit. This bug affects Bash, a program that runs on Apple Mac and Linux computers - and can run in the background without a user's knowledge.


Malaysia cybersecurity also received information from valid sources regarding a GNU Bash vulnerability that affects Unix-based operating systems such as Ubuntu, Red Hat, Debian, Linux and Mac OS X as well as a lot of web servers running Linux operating systems.

Systems Affected

This vulnerability exists for servers running UNIX-based systems as below:

- Apple
- OSX
- BSD
- Redhat
- Debian
- CentOS
- Ubuntu

Impact 

The vulnerability lets hackers piggyback malicious code on otherwise benign commands. It also allows remote attackers to execute arbitrary code, given certain conditions, by passing strings of code following environment variable assignments.

Once attackers have exploited this vulnerability and gained unauthorised access, they could deface websites, steal confidential or sensitive data, and engage in malicious activities such as malware distribution and botnets that can be used for spam and DDoS.

What To Do

1. Detection Method and Diagnostics

On each of your systems that run Bash, you may check for Shellshock vulnerability by running the following command at the bash prompt:

env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

The echo "Bash is vulnerable!" portion of the command represents where a remote attacker could inject malicious code: arbitrary code following a function definition within an environment variable assignment. Therefore, if you see the following output, your version of Bash is vulnerable and should be updated:

Bash is vulnerable!
Bash Test

Otherwise, if your output does not include the simulated attacker's payload, i.e. "Bash is vulnerable" is not printed as output, your version of bash is not vulnerable. It may look something like this:

bash: warning: VAR: ignoring function definition attempt
bash: error importing function definition for `VAR'
Bash Test

If your version of Bash is vulnerable, read on to learn how to update Bash and fix the vulnerability.
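
The check above, wrapped as a script for hosts that may carry more than one Bash binary (an added example, not part of the original post). The function names and the list of candidate paths are assumptions; the test string is the one shown above, so a "not_vulnerable" result only means this one test did not fire.

```shell
#!/bin/sh
# Added example: run the article's Shellshock test against each Bash binary found.
# MARKER, the function names and the candidate paths are assumptions of this example.

MARKER='Bash is vulnerable!'

# Decide from captured stdout whether the injected echo was executed.
classify_output() {
    case "$1" in
        *"$MARKER"*"Bash Test"*) echo vulnerable ;;
        *"Bash Test"*)           echo not_vulnerable ;;
        *)                       echo unknown ;;  # the test command did not run at all
    esac
}

# Run the test against one binary. stderr is dropped because a patched Bash
# may print "ignoring function definition attempt" warnings there.
check_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then echo missing; return 0; fi
    out=$(env VAR="() { :;}; echo $MARKER" "$bin" -c 'echo Bash Test' 2>/dev/null) || true
    classify_output "$out"
}

# Check every candidate path once; return 1 if any binary is vulnerable.
scan_all() {
    rc=0; seen=""
    for bin in /bin/bash /usr/bin/bash /usr/local/bin/bash "$(command -v bash 2>/dev/null)"; do
        [ -n "$bin" ] || continue
        case " $seen " in *" $bin "*) continue ;; esac
        seen="$seen $bin"
        status=$(check_bash "$bin")
        if [ "$status" = missing ]; then continue; fi
        version=$("$bin" --version 2>/dev/null | head -n 1) || true
        printf '%s\t%s\t%s\n' "$bin" "$status" "$version"
        if [ "$status" = vulnerable ]; then rc=1; fi
    done
    return $rc
}

# Usage: scan_all || echo "at least one Bash on this host needs updating"
```

Re-run scan_all after applying the updates below to confirm that every installed copy of Bash, not only the one first in PATH, now reports not_vulnerable.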



Apply Patches As Soon As Possible:



System Administrators may refer to the below information about patches to fix this vulnerability:

Red Hat: https://rhn.redhat.com/errata/RHSA-2014-1306.html
Ubuntu: http://www.ubuntu.com/usn/usn-2363-2/
Debian: http://www.debian.org/security/2014/dsa-3035

Alternatively, you can update Bash yourself with the commands below.

Fix Vulnerability: Update Bash

The easiest way to fix the vulnerability is to use your default package manager to update the version of Bash. The following subsections cover updating Bash on various Linux distributions, including Ubuntu, Debian, CentOS, Red Hat, and Fedora.

Note: (Sept. 25, 2014 - 6:00pm EST) At the time of writing, only an "incomplete fix" for the vulnerability has been released. As such, it is recommended to update your machines that run Bash immediately, and check back for updates and a complete fix.

APT-GET: Ubuntu / Debian
Update Bash to the latest version available via apt-get:

- sudo apt-get update && sudo apt-get install --only-upgrade bash


YUM: CentOS / Red Hat / Fedora
Update Bash to the latest version available via yum:

- sudo yum update bash



Copyright © 2014 Network Security Blogs - All Rights Reserved