You can now find Cyber Kendra on Google News!

New Bash bug could be worse than Heartbleed

bash bug linux vulnerability, bash bug in linux, linux vulnerable, HeartBleed, Bash also called as GNU Bourne Again Shell, Bash Bug Patch, what is Bash Bug, recover from bash bug, Bash attack, hacking Linux from Bash, Linux security,
After a popular bug 'HeartBleed' another critical bug hit the internet which affect almost all the system, servers, OS X Macs and PCs . This Critical remotely exploitable vulnerability has been discovered in the widely used Linux and Unix command-line shell, known as Bash also called as GNU Bourne Again Shell.

The bug has been discovered by Stephane Chazelas, a Unix and Linux network and telecom administrator at Akamai. The flaw allows an attacker to remotely attach a malicious executable to a variable that is executed when Bash is invoked. On the blogpost researcher explained all the technical details of the bug which affects most of the Linux distributions and servers worldwide.

The Bash Bug is dubbed as CVE-2014-6271 which affects version 1.14 to 4.3 of GNU Bash. On the blogpost researchers explained that attacker could exploit this bash bug to execute shell commands remotely on a target machine using specifically crafted variables.

“It’s super simple and every version of Bash is vulnerable,” said Josh Bressers, manager of Red Hat product security. “It’s extremely serious, but you need very specific conditions in place where a remote user would be able to set that environment variable. Thankfully, it’s not common.”

Bressers Explaining the Bug
The vulnerability allows an attacker to create environment variables that include malicious code before the system calls the Bash shell. These variables can contain code, which gets executed as soon as the shell is invoked. 
Some of the more critical instances where the vulnerability may be exposed is on Apache servers for example, using mod_cgi or mod_cgid if either of those scripts is written in Bash. The vulnerability can also be used to bypass ForceCommand in sshd configs, Bressers said. ForceCommand is supposed to limit remote code execution, but exploiting this vulnerability sidesteps that protection. Some Git deployments over SSH would be affected here. 

Check for Vulnerability
If you are Linux or Unix users or a server admin, running server system on Linux machine then its recommend you to check your system for the vulnerability. To check for the vulnerability run the following command lines in your linux shell-
  • env X="() { :;} ; echo vulnerable" /bin/sh -c "echo completed"
  • env X="() { :;} ; echo vulnerable" `which bash` -c "echo completed"
If you get the word 'vulnerable' in the output, then you are at risk (vulnerable).

Bash Bug Patch
If your system is vulnerable to Bash Bug, then it is recommend to disable any CGI scripts that call on the shell. Additionally Major Linux distribution vendors have released the new bash software versions today,So you are highly recommended to upgrade your bash software package as soon as possible.
  • Red Hat Enterprise Linux (versions 4 through 7) and the Fedora distribution
  • CentOS (versions 5 through 7)
  • Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS
  • Debian

Post a Comment