It lands countless websites, servers, PCs, OS X Macs, various home routers, and more, in danger of hijacking by hackers.
Ubuntu and other Debian-derived systems that use Dash exclusively are not at risk – Dash isn't vulnerable, but busted versions of Bash may well be present on the systems anyway. It's essential you check the shell interpreters you're using, and any Bash packages you have installed, and patch if necessary.
"Holy cow. There are a lot of .mil and .gov sites that are going to get owned," security expert Kenn White said on Wednesday in reaction to the disclosed flaw.
The 22-year-old bug, dating back to version 1.13, lies in Bash's handling of environment variables: when assigning a function to a variable, trailing code in the function definition will be executed, leaving the door wide open for code-injection attacks. The vulnerability is exploitable remotely if code can be smuggled into environment variables sent over the network – and it's surprisingly easy to do so.
Diagnostic Steps
To test if your version of Bash is vulnerable to this issue, run the
following command:
$ env x='() { :;}; echo vulnerable' bash -c
"echo this is a test"
If the output of the above command looks as follows:
vulnerable
this is a test
you are using a vulnerable version of Bash. The patch used to fix this
issue ensures that no code is allowed after the end of a Bash function. Thus,
if you run the above example with the patched version of Bash, you should get
an output similar to:
$ env x='() { :;}; echo vulnerable' bash -c
"echo this is a test"
bash: warning: x: ignoring function definition
attempt
bash: error importing function definition for `x'
this is a test
No comments:
Post a Comment