Wednesday, September 24, 2014

Bash Vulnerability

A vulnerability in bash was announced this morning:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

http://seclists.org/oss-sec/2014/q3/649

You can test your system to see if it's vulnerable using the POC shown here:
https://twitter.com/kbsingh/status/514801829633593345

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

For example:
[Screenshot: Vulnerable]

Ubuntu has released an updated version of bash to resolve this:
http://www.ubuntu.com/usn/usn-2362-1/

You should install this updated package as soon as possible.  As always, we recommend using "soup" to apply package updates.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

After installing the updated package, you can verify using the POC again:
[Screenshot: New version of bash]

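The test-before and verify-after steps above can be scripted. The following is an added example, not part of the original post: it runs the same POC against each bash binary it finds and classifies the output. The function names and the list of candidate paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): run the post's POC against
# bash binaries and report whether the injected command executed.

MARKER='vulnerable'        # printed by the POC only on an unpatched bash
EXPECTED='this is a test'  # output of the legitimate command in the POC

# classify_output TEXT -> vulnerable | patched | unknown
classify_output() {
    # On an unpatched bash the trailing "echo vulnerable" runs while the
    # environment is imported, so MARKER appears on a line of its own.
    if printf '%s\n' "$1" | grep -qx "$MARKER"; then
        echo vulnerable
    elif printf '%s\n' "$1" | grep -qx "$EXPECTED"; then
        echo patched
    else
        # Neither line seen: the binary did not run the test command.
        echo unknown
    fi
}

# check_bash PATH -> missing | vulnerable | patched | unknown
check_bash() {
    [ -x "$1" ] || { echo missing; return 0; }
    # Same POC as in the post; stderr is discarded so that any warnings
    # the shell prints do not affect the classification.
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>/dev/null)
    classify_output "$out"
}

# check_all: test each candidate path (the path list is an assumption;
# add any other locations where bash is installed on your systems).
check_all() {
    for b in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        r=$(check_bash "$b")
        [ "$r" = missing ] || printf '%s: %s\n' "$b" "$r"
    done
}

check_all
```

Run it once before applying the update and once after; every listed binary should report "patched" on the second run.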
UPDATE 20140925 16:38:
Please see Part 2:
http://blog.securityonion.net/2014/09/bash-vulnerability-part-2.html
