New on LowEndTalk? Please Register and read our Community Rules.
Comments
Red Hat published an article with steps for vulnerability checks, example mod_security & IPTables rules.
Read details here:
https://access.redhat.com/articles/1200223
Thanks for the heads-up!
FYI - If you patched your servers, be ready to patch them again to fix the exploit since the current patch doesn't fix all of it.
Dammit. Good spot.
Any clue for Ubuntu 9.10?
root@ubuntu-vpn:~# bash --version
GNU bash, version 4.3.0(1)-release (i686-pc-linux-gnu)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
root@ubuntu-vpn:~# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
root@ubuntu-vpn:~# uname -a
Linux ubuntu-vpn 2.6.31-23-generic-pae #75-Ubuntu SMP Fri Mar 18 19:14:10 UTC 2011 i686 GNU/Linux
root@ubuntu-vpn:~# cat /etc/debian_version
squeeze/sid
root@ubuntu-vpn:~# cat /etc/issue
Ubuntu 9.10 \n \l
root@ubuntu-vpn:~#
Ouuuoooo... nightmare. This is a production server.
Legit, should have waited til they released the full thing.
You should update to 12.04 LTS or 14.04 LTS, however if you need a quick patch you can install Bash from source. (Check OP)
I'm seeing this exploit attempt hit my web server:
It looks like if you have a referrer follow link bash script, you probably want to be extra careful.
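The injection attempts described above all carry the same marker: a Bash function definition, `() {`, smuggled into a request header or query string that a CGI handler then exports into the environment. Red Hat's mod_security rules key on that token; the same check can be run after the fact over an access log. The script below is an added example, not code from this thread or from Red Hat; the three Apache combined-format log lines are constructed for the demo, and the script name shellshock_grep.sh and function names are assumptions of mine.

```shell
#!/bin/sh
# Added example: find Shellshock injection attempts in web server access logs by
# looking for a Bash function-definition prefix "() {" anywhere on the line, which
# covers the request line, Referer and User-Agent fields of the combined format.
# Sample log lines below are constructed for this example (addresses are from
# documentation ranges, not real hosts).

SAMPLE_LOG=$(cat <<'EOF'
203.0.113.5 - - [25/Sep/2014:10:01:13 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/ping -c 1 198.51.100.7"
198.51.100.20 - - [25/Sep/2014:10:01:15 +0000] "GET /index.html HTTP/1.1" 200 3021 "http://example.com/" "Mozilla/5.0"
203.0.113.5 - - [25/Sep/2014:10:02:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() { :; }; echo; /bin/bash -c 'id'" "Mozilla/5.0"
EOF
)

# Print every line carrying a function-definition prefix. Attackers vary the
# whitespace ("() {", "(){", "() { :; }"), so allow any amount of it between the
# parentheses and the brace. Reads the files given as arguments, or stdin.
shellshock_grep() {
    grep -E '\(\)[[:space:]]*\{' "$@"
}

# Distinct source addresses among the matches: a quick candidate list for the
# iptables/mod_security blocks mentioned in the thread.
shellshock_sources() {
    shellshock_grep "$@" | awk '{print $1}' | sort -u
}

# Number of matching lines in the constructed sample; used by the demo run below.
count_hits() {
    printf '%s\n' "$SAMPLE_LOG" | shellshock_grep | wc -l | tr -d ' '
}

# Demo run only when executed directly as shellshock_grep.sh (assumed file name).
case "$0" in
    *shellshock_grep.sh)
        printf '%s\n' "$SAMPLE_LOG" | shellshock_grep
        printf 'matches: %s\n' "$(count_hits)"
        printf 'sources: %s\n' "$(printf '%s\n' "$SAMPLE_LOG" | shellshock_sources)"
        ;;
esac
```

Against a real log, run `shellshock_grep /var/log/apache2/access.log` (path assumed); a hit does not prove the target ran the payload, only that an attempt arrived, so pair it with the vulnerability test before deciding whether to treat the host as compromised. The pattern can also match legitimate URLs containing "()" followed by "{", so review matches rather than blocking on them blindly.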
OK, fixed. Didn't patch.
root@ubuntu-vpn:~/bash-4.3# bash --version
GNU bash, version 4.3.25(1)-release (i686-pc-linux-gnu)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
root@ubuntu-vpn:~/bash-4.3# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
root@ubuntu-vpn:~/bash-4.3#
Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. The new issue has been assigned CVE-2014-7169. Red Hat is working on patches in conjunction with the upstream developers as a critical priority. For details on a workaround,
hahahahahahaha
From HostingSecList:
Urgent Action Required
We have both been made aware of some malware being spread via this vulnerability, and we have seen another variant ourselves on our own IDS.
Please ensure you are upgraded or have taken other measures to prevent exploitation.
Also be aware that vendors such as Red Hat are working on a patch for the incomplete patch, so you may need to upgrade twice.
https://bugzilla.redhat.com/show_bug.cgi?id=1146319#c11
Evidence of active exploitation:
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=3505#p23987
Any patch for Debian 7 jessie/sid?
After executing apt-get upgrade my bash version is now 4.3.24(1)-release.
Still I'm getting the vulnerable message:
root@debian# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
Get the appropriate .deb package of bash 4.3-9.1 here: http://incoming.debian.org/debian-buildd/pool/main/b/bash/ and install it via dpkg -i
No Packages marked for Update
@Sree
apt-get update && apt-get upgrade
After an apt-get dist-upgrade and apt-get update && apt-get upgrade, bash is now updated to version 4.3.25(1)-release.
The official ubuntu suggests to downgrade bash instead:
http://www.ubuntu.com/usn/usn-2362-1/
It never ends!
Downgrade? Where do you get that? Apt-get doesn't allow downgrades - a rollback must still have a version increment.
Just stop it before it hits anything
snort[70736]: [1:31978:3] OS-OTHER Bash CGI environment variable injection attempt [Classification: Access to a Potentially Vulnerable Web Application] [Priority: 2] {TCP} x.x.x.x:61394 -> x.x.x.x:80
The current patch (the second one) may also be vulnerable, says Red Hat. Careful.
4.3.25 for Debian is the version that fixes this vulnerability, right?
any patch for this ?
For anyone unable to click that Twitter link, the new command is
env X='() { (a)=>\' sh -c "echo date"; cat echo
It outputs some errors and the time, and creates a file called "echo" with the date inside.
This worked fine for me with old and new Bash versions.
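The two probes quoted in this thread, the `echo vulnerable` test for CVE-2014-6271 and the `(a)=>\` test above for CVE-2014-7169, wrapped into one checker you can run before and after each upgrade. This is an added example, not code from the thread or from any vendor advisory; the script name shellshock_check.sh and the function names are assumptions of mine. It probes the bash binary you name (default: the bash on PATH), runs the second probe inside a scratch directory so its side-effect file "echo" does not land in your working directory, and exits nonzero if either probe fails.

```shell
#!/bin/sh
# Added example: run both Shellshock probes from this thread against a bash
# binary and report the result per CVE. Only the two issues named in the thread
# are tested; exit status 0 means both probes passed.
# Assumed usage: sh shellshock_check.sh [/path/to/bash]   (defaults to "bash")

# CVE-2014-6271: a patched bash refuses to execute the commands appended after a
# function definition imported from the environment, so "vulnerable" never prints.
check_6271() {
    bash_bin="${1:-bash}"
    command -v "$bash_bin" >/dev/null 2>&1 || { echo "no such binary: $bash_bin"; return 2; }
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo "CVE-2014-6271: VULNERABLE ($bash_bin)"; return 1 ;;
        *)            echo "CVE-2014-6271: not vulnerable ($bash_bin)"; return 0 ;;
    esac
}

# CVE-2014-7169: on a bash carrying only the first patch, the trailing ">\" of
# the bogus definition survives the parser, so the -c string runs as ">echo date"
# and date's output is written to a file named "echo" in the current directory.
# Run the probe in a scratch directory and check whether that file appeared.
check_7169() {
    bash_bin="${1:-bash}"
    command -v "$bash_bin" >/dev/null 2>&1 || { echo "no such binary: $bash_bin"; return 2; }
    scratch=$(mktemp -d) || return 2
    ( cd "$scratch" && env X='() { (a)=>\' "$bash_bin" -c 'echo date' >/dev/null 2>&1 ) || :
    if [ -e "$scratch/echo" ]; then
        rm -rf "$scratch"
        echo "CVE-2014-7169: VULNERABLE ($bash_bin)"; return 1
    fi
    rm -rf "$scratch"
    echo "CVE-2014-7169: not vulnerable ($bash_bin)"; return 0
}

# Run both probes; nonzero if either fails, so the script can gate a rollout.
shellshock_check() {
    rc=0
    check_6271 "$@" || rc=1
    check_7169 "$@" || rc=1
    return $rc
}

# Only run automatically when executed directly as shellshock_check.sh (assumed name).
case "$0" in
    *shellshock_check.sh) shellshock_check "$@" ;;
esac
```

Point it at the binary your services actually use (for example `sh shellshock_check.sh /bin/bash`, path assumed), and repeat the run after the second update the thread warns about: a bash that passes the first probe but still creates the "echo" file has only the incomplete CVE-2014-6271 patch.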
How can I patch my servers?
Will it be done with a regular system update?
You posted about it - http://lowendtalk.com/discussion/35013/vulnerability-in-bash#latest - with a website - http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html
Which has links to patch it for almost every OS...
[EDIT] Terrible spelling..
@ATHK I already did yum update but I'm not sure if it is enough, as Red Hat said that the new update may also be vulnerable.
You need to read: there's a link to a Twitter profile above and my post about it below it.