Bash Code Injection Vulnerability (aka Shellshock)


A vulnerability was recently disclosed in bash on Unix systems that allows attackers unauthenticated access to applications and services. The following quick steps, as shown on the Red Hat support portal, identify whether your RHEL/CentOS system is vulnerable.

Open a command prompt and run the following command:

env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"

If the output contains the word “vulnerable”, you need to update bash to the latest, or rather the patched, version.

To be on the safe side, keep bash updated with the latest fixes:

yum update bash
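
The same check wrapped so it can be scripted across several bash binaries on one host (for example a locally built copy that yum does not manage). This is an added example, not code from the original post or from Red Hat; the function names are made up for illustration.

```sh
#!/bin/sh
# Added example: runs the probe shown above against each bash binary given
# and reports a verdict per binary instead of relying on reading the output.

# classify_probe_output TEXT
# Decide from the probe's stdout whether bash executed the trailing
# "echo vulnerable" while importing its environment.
# Prints: vulnerable | patched | inconclusive
classify_probe_output() {
    probe_text=$1
    case "$probe_text" in
        *vulnerable*) echo vulnerable ;;    # the injected command ran
        *test*)       echo patched ;;       # only the intended command ran
        *)            echo inconclusive ;;  # the binary produced no usable output
    esac
}

# probe_bash PATH
# Run the probe from the page against one bash binary.
# stderr is discarded: some patched builds print import warnings there,
# and only stdout matters for the verdict.
probe_bash() {
    candidate=$1
    [ -x "$candidate" ] || { echo inconclusive; return; }
    probe_out=$(env 'x=() { :;}; echo vulnerable' \
                    'BASH_FUNC_x()=() { :;}; echo vulnerable' \
                    "$candidate" -c "echo test" 2>/dev/null)
    classify_probe_output "$probe_out"
}

# audit_bash_binaries PATH...
# Print "path<TAB>verdict" for each binary; return 1 if any is vulnerable,
# so the function can gate a cron job or a configuration-management run.
audit_bash_binaries() {
    audit_rc=0
    for candidate in "$@"; do
        verdict=$(probe_bash "$candidate")
        printf '%s\t%s\n' "$candidate" "$verdict"
        if [ "$verdict" = vulnerable ]; then
            audit_rc=1
        fi
    done
    return $audit_rc
}
```

Source the file and call `audit_bash_binaries /bin/bash /usr/local/bin/bash`; a non-zero return means at least one listed binary still needs the update.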

Further Reading:

https://access.redhat.com/articles/1200223?sc_cid=70160000000e8eaAAA

http://www.itnews.com/exploits-vulnerabilities/84263/six-key-defenses-against-shellshock-attacks?source=ITNEWSNLE_nlt_itndaily_2014-09-30

 


About Dominic

J for JAVA more about me : http://about.me/dominicdsouza