EVE Technology Lab

Forum Index

EVE Forums » EVE Technology and Research Center » EVE Technology Lab » BASH Exploit: If you havent heard already!

Topic is locked indefinitely.

BASH Exploit: If you havent heard already! First post
Author

Previous Topic Next Topic

Imperial Academy Amarr Empire 5
Kalstir Imperial Academy Amarr Empire Likes received: 5	#1 - 2014-09-26 05:24:36 UTC 1 Putting this here to try and help people out. For anyone who is hosting a unix machine that is publicly accessible please update your bash! https://www.us-cert.gov/ncas/alerts/TA14-268A http://osvdb.org/show/osvdb/112004 Where I work we have confirmed that this is exploitable on centos 4.4-6.5 Hope this helps someone.

Fuzzwork Enterprises Vote Steve Ronuken for CSM 6,759
Steve Ronuken Fuzzwork Enterprises Vote Steve Ronuken for CSM Likes received: 6,759	#2 - 2014-09-26 21:35:50 UTC \| Edited by: Steve Ronuken Is it a serious problem? yes. Should people update? Yes (unfortunately, there's no patch which takes care of everything yet. Some things are more vulnerable than others. ) Woo! CSM XI! Fuzzwork Enterprises Twitter: @fuzzysteve on Twitter


Kalstir Imperial Academy Amarr Empire Likes received: 5	#3 - 2014-09-27 07:37:53 UTC Thanks Steve, I threw this up in between tasks at work and probably should have worded it better and given a bit more information. As Steve has said, if you don't have a public facing service calling bash you SHOULD be okay.

Peter Powers

Terrorists of Dimensions

HORSE-KILLERS

Likes received: 271

#4 - 2014-09-29 10:42:37 UTC

Steve Ronuken wrote:

If you're only running a web server, and you're not using any shell scripts as CGI scripts, you're /probably/ ok.

uhm. no, not really, this is not a CGI specific problem, a lot of standard tools, especially if they are old tend to write into the environment.

just for the fun, as most hosted machines run with dhcp, have a good laughter at this lovely exploit for the bash vuln:
https://www.trustedsec.com/september-2014/shellshock-dhcp-rce-proof-concept/

and then go update your shell, also follow the news, as the first generation of patches did not close all problems, you might end up in a situation where you are still vulnerable to variations. Its not over yet.

3rdPartyEve.net - your catalogue for 3rd party applications


Steve Ronuken Fuzzwork Enterprises Vote Steve Ronuken for CSM Likes received: 6,759	#5 - 2014-09-29 10:49:11 UTC Yes, I edited out my last line. I had a misunderstanding of the severity. CGI in general is at risk. Woo! CSM XI! Fuzzwork Enterprises Twitter: @fuzzysteve on Twitter

Kalstir

Imperial Academy

Amarr Empire

Likes received: 5

#6 - 2014-10-02 17:37:16 UTC | Edited by: Kalstir

Just to close out this post for future viewes as things do not disappear in the Tech Lab as fast as other places...

Updates for both bash vulnerabilities CVE-2014-6271 and CVE-2014-7169 are out.

Fedora 19:
bash-4.2.48-2.fc19

Fedora 20:
bash-4.2.48-2.fc20

Fedora 21:
bash-4.3.25-2.fc21

Centos 5:
bash-3.2-33.el5_10.4

Centos 6:
bash-4.1.2-15.el6_5.2

Centos 7:
bash-4.2.45-5.el7_0.4

The above patches FIX all CVE's listed for bash! (per articles by CentOS & Fedora)

hope this thread helped someone.

Enjoy!

EVE Technology Lab

Imperial Academy

Amarr Empire

Fuzzwork Enterprises

Vote Steve Ronuken for CSM

Terrorists of Dimensions

HORSE-KILLERS