Bash Code Injection Vulnerability CVE-2014-7169 Affecting Linux & OS X Systems

Published by Jignesh Jethwa

As reported in mainstream media, Red Hat has been made aware of a vulnerability affecting all versions of the bash package as shipped with Red Hat products. This vulnerability CVE-2014-6271 could allow for arbitrary code execution. Certain services & applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi & mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, & other situations in which setting the environment occurs across a privilege boundary from Bash execution.
NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Test your bash version is vulnerable or not with following code, If O/P of the command looks like below than your bash version is vulnerable.

 # env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
 vulnerable
 this is a test

Screenshot:

Bash Code Injection Vulnerability CVE-2014-7169

Bash Code Injection Vulnerability CVE-2014-7169

Temporary Solution/Patch:
Upgrade your Bash using the yum command with ssh:

# yum upgrade bash

Congratulations!!, your bash is patched and now secured from hackers. Now rerun above code and check out O/P, It should be looks same like below:

 $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
 bash: warning: x: ignoring function definition attempt
 bash: error importing function definition for `x'
 this is a test

Screenshot:

Bash Code Injection Vulnerability CVE-2014-7169

Bash Code Injection Vulnerability CVE-2014-7169

If you still facing same vulnerability with same O/P, than your system has been compromised with bug. Contact Red Hat Security response team.

Important Notes:

  • Your system need to be restart in order to use bash package.
  • If you face any kind of difficulties to resolve it, than raise ticket to RedHat support.
  • This patch is temporary fix, Red Hat security response team will release total fix of this vulnerability very soon. Once total fix will release I’ll update you though my post.

References:
https://access.redhat.com/articles/1200223
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
https://bugzilla.redhat.com/show_bug.cgi?id=1141597

Stay Tune. 🙂

Leave a Reply

%d bloggers like this: