Friday, 26 September 2014

A critical vulnerability was discovered in the bash shell

The flaw, which existed for 22 years, allows remote code execution.
A critical vulnerability that allows remote code execution was discovered in the bash command shell, which is popular in the Linux world. It scored 10 points on the scale of the National Institute of Standards and Technology (NIST).
The vulnerability, CVE-2014-6271, is related to incorrect processing of environment variables and function definitions. It is worth noting that in currently used versions of bash an environment variable and the function it carries have the same name. In this case, the function definition begins with the characters () {.

The gap arises because, after processing the function definition, the shell does not stop but continues to parse the code and execute the bash commands that follow. This allows an attacker to use an environment variable with an arbitrary name to deliver commands to the victim system.
CVE-2014-6271, which existed for 22 years, was discovered last week by information security expert Stephane Chazelas, but the details were disclosed only now. The vulnerability is present in all versions of bash prior to 4.3. Corrections were released on Wednesday, 24th of September.
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability is caused by an error in processing input data while parsing code. This can be exploited to execute arbitrary commands on the target system.

How can the vulnerability affect the user?
Bash and the OS maintain a list of environment variables that describe the current user, the path to applications on the hard drive and other features. By creating an environment variable with a particular structure, an attacker can execute arbitrary code on the victim's PC the next time bash is started. Such an environment variable can be created in the following ways:
· Establishing a remote connection via SSH and trying to log in. By picking a specific username or hostname, one can create an environment variable with the specific data;
· Forcing the user to create the environment variable himself;
· Forcing certain programs to set the desired value of the environment variable. For example, the user is running a web server and a script that sets its own environment variable. Even though the script does not change the system environment variables, the OS is already vulnerable.
Having set their own environment variable, attackers will be able to execute arbitrary code on the user's device the next time bash is started. The situation can become even more dangerous when sudo -s is used, which starts bash with root privileges.
Note that some programs use bash to carry out their own operations. Even if the user does not use bash, his PC may already be vulnerable.

Checking
To check whether the system is vulnerable, run the following command in a terminal:
env x='() { :;}; echo vulnerable' bash -c 'echo hello'
If the system is protected, bash returns the following message:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello
If the system is vulnerable, bash returns the following message:
vulnerable
hello
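
The check above, wrapped in a small script together with a scan for environment variables whose value starts with the function-definition marker () {. This is an added example, not part of the original article; the function names probe_bash and scan_env are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): defensive checks for
# CVE-2014-6271. The function names probe_bash and scan_env are hypothetical.

# Run the article's test against one bash binary and classify the result.
# Prints "vulnerable", "patched", or "error" (binary missing or not runnable).
probe_bash() {
    bin=$(command -v "$1") || { echo error; return 0; }
    # "vulnerable" is printed only if bash executes the text that follows the
    # function body while importing the variable x from the environment.
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo hello' 2>/dev/null) || true
    case $out in
        *vulnerable*) echo vulnerable ;;
        *hello*)      echo patched ;;
        *)            echo error ;;
    esac
}

# List the names of environment variables whose value starts with "() {",
# the function-definition marker. awk reads ENVIRON directly, so multi-line
# values are handled and no value is ever evaluated by a shell.
scan_env() {
    awk 'BEGIN {
        for (name in ENVIRON)
            if (index(ENVIRON[name], "() {") == 1)
                print name
    }' | sort
}

# Report for the bash found on PATH and for the current environment.
printf 'bash on PATH: %s\n' "$(probe_bash bash)"
printf 'function-like variables: %s\n' "$(scan_env | tr '\n' ' ')"
```

On an updated bash, functions exported with export -f appear under names of the form BASH_FUNC_name%% and are listed as well; any other variable name in the output deserves a closer look.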

Correction
The Bash developers released an urgent fix for this vulnerability. All users of the Linux operating system (especially the Ubuntu and Debian distributions) are advised to download the latest updates for this software.

Source: securitylab.ru
