Wednesday, September 24, 2014

Bash Vulnerability

A vulnerability in bash was announced this morning:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

http://seclists.org/oss-sec/2014/q3/649

You can test your system to see if it's vulnerable using the POC shown here:
https://twitter.com/kbsingh/status/514801829633593345

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
For example:
Vulnerable
Ubuntu has released an updated version of bash to resolve this:
http://www.ubuntu.com/usn/usn-2362-1/

You should install this updated package as soon as possible.  As always, we recommend using "soup" to apply package updates.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

After installing the updated package, you can verify using the POC again:
New version of bash
UPDATE 20140925 16:38:
Please see Part 2:
http://blog.securityonion.net/2014/09/bash-vulnerability-part-2.html

No comments:

Search This Blog

Featured Post

4-month End Of Life (EOL) reminder for Security Onion 2.3

We recently announced the End Of Life (EOL) date for Security Onion 2.3: https://blog.securityonion.net/2023/10/6-month-eol-notice-for-secur...

Popular Posts

Blog Archive