Linux bash vulnerability

**suityou01** · 25 September 2014, 21:31

Originally posted by administrator View Post

Aye, as I understand it on Ubuntu dash is the default but bash is still there. But best ask Suity, he is the expert on these things

Ok so you're sounding more scared now the enormity is sinking in.

**NickFitz** · 25 September 2014, 21:31

Twenty-two years? I heard it was at least twenty-five, though I haven't bothered going through the old source code to check

CGI isn't your only worry. An appropriately-crafted DHCP packet is just one of many other examples of how to gain privileged access to a vulnerable system.

CGI is the most commonly seen example at the moment because it's the easiest way to demonstrate the vulnerability; but it is just an example, not the be-all and end-all. Any report that characterises this as something to do specifically with web servers has completely missed the point.

**stek** · 25 September 2014, 21:33

Originally posted by administrator View Post

Aye, as I understand it on Ubuntu dash is the default but bash is still there. But best ask Suity, he is the expert on these things

He's in the Kneipe/Stube speaking near-native German with no regional accent like we all do after watching 'Der Untergang' with no subtitles.

**suityou01** · 25 September 2014, 21:36

Originally posted by NickFitz View Post

Twenty-two years? I heard it was at least twenty-five, though I haven't bothered going through the old source code to check

CGI isn't your only worry. An appropriately-crafted DHCP packet is just one of many other examples of how to gain privileged access to a vulnerable system.

CGI is the most commonly seen example at the moment because it's the easiest way to demonstrate the vulnerability; but it is just an example, not the be-all and end-all. Any report that characterises this as something to do specifically with web servers has completely missed the point.

Precisely. So in your opinion Nick am I just a worrywart or does this have legs like the analysts say?

**administrator** · 25 September 2014, 21:50

Originally posted by suityou01 View Post

Ubuntu and Debian flavours are unaffected.

Not true. Here's the output from one of my machines - Ubuntu 10.04:

Code:

root@placid:~# env x='() { :;}; echo vulnerable'  bash -c "echo this is a test" 
vulnerable
this is a test

And this is the output from machine this site is on, again Ubuntu 10.04:

Code:

root@tyrant:~# env x='() { :;}; echo vulnerable'  bash -c "echo this is a test" vulnerable
vulnerable
this is a test

Patched and now not vulnerable:

Code:

root@tyrant:~# env x='() { :;}; echo vulnerable'  bash -c "echo this is a test" vulnerable
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Here is one from a newly commissioned 14.04 box:

Code:

root@chill:~# env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
vulnerable
this is a test

Updated and now:

Code:

root@chill:~# env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Same with CentOS, I have a few of these and they are all affected too.

**suityou01** · 25 September 2014, 21:56

Ubuntu and other Debian-derived systems that use Dash exclusively are not at risk – Dash isn't vulnerable, but busted versions of Bash may well be present on the systems anyway. It's essential you check the shell interpreters you're using, and any Bash packages you have installed, and patch if necessary.

Unless of course you installed bash. Or it was rolled out alongside something else.

**stek** · 25 September 2014, 21:56

Originally posted by administrator View Post

Not true. Here's the output from one of my machines - Ubuntu 10.04:

Code:

root@placid:~# env x='() { :;}; echo vulnerable'  bash -c "echo this is a test" 
vulnerable
this is a test

And this is the output from machine this site is on, again Ubuntu 10.04:

Code:

root@tyrant:~# env x='() { :;}; echo vulnerable'  bash -c "echo this is a test" vulnerable
vulnerable
this is a test

Patched and now not vulnerable:

Code:

root@tyrant:~# env x='() { :;}; echo vulnerable'  bash -c "echo this is a test" vulnerable
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Here is one from a newly commissioned 14.04 box:

Code:

root@chill:~# env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
vulnerable
this is a test

Updated and now:

Code:

root@chill:~# env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Same with CentOS, I have a few of these and they are all affected too.

U need a site reboot admin, there *might* be bash processes running under the old bash, I think you can re-init the libs on Linuxy things with ldconfig but our RHEL official support guy says we should reboot to ensure old bash processes are killed.

Too new-fangled for me....

**administrator** · 25 September 2014, 21:57

Originally posted by suityou01 View Post

Ok so you're sounding more scared now the enormity is sinking in.

The enormity of what? Nothing worth pinching on here. Script kiddies dropping malware or using the machine to stage attacks is the worst that could happen for me. Or some malicious chunt wiping the box I guess. I do updates to the servers regularly as it is best to not be the easy target when the script kiddies are looking for easy meat. Does that make me scared or just a lazy bugger who would rather patch a server in 2 mins over spending days clearing up the shit: from a compromise? I am scared of excessive work on tulip like that when there is more important work to be doing!

**CheeseSlice** · 25 September 2014, 21:58

If DHCP and Macs are affected, thats going to be a problem for some creative/digital businesses.
All it would take is a worm to set up rogue DHCP servers on each infected host and it would be a fast spreading Denial of service infection akin to Blaster or SQL Slammer.
I imagine businesses running mainly Macs are also going to take a relaxed approach to endpoint security, since its common ~~folklore~~ knowledge "Macs dont get viruses"

**stek** · 25 September 2014, 21:58

Originally posted by suityou01 View Post

Unless of course you installed bash. Or it was rolled out alongside something else.

Or it was installed with the default install like is 99% likely, like I already said.

Like.

Linux bash vulnerability

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Partners

Advertisers

Contractor Services

CUK News

Linux bash vulnerability

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Partners

Advertisers

Contractor Services

CUK News

Tag Cloud