Security Onion Blog

Wednesday, September 24, 2014

Bash Vulnerability

A vulnerability in bash was announced this morning:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

http://seclists.org/oss-sec/2014/q3/649

You can test your system to see if it's vulnerable using the POC shown here:
https://twitter.com/kbsingh/status/514801829633593345

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
For example:
Vulnerable
Ubuntu has released an updated version of bash to resolve this:
http://www.ubuntu.com/usn/usn-2362-1/

You should install this updated package as soon as possible.  As always, we recommend using "soup" to apply package updates.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

After installing the updated package, you can verify using the POC again:
New version of bash
UPDATE 20140925 16:38:
Please see Part 2:
http://blog.securityonion.net/2014/09/bash-vulnerability-part-2.html

at
Labels: , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Search This Blog

Featured Post

Thanks to our Customers and Community for 11 Years!

We recently celebrated 16 years of the Security Onion project and today we celebrate 11 years of Security Onion Solutions as a company! Than...

Popular Posts

Blog Archive