CVE-2014-7169: Additional Bash Vulnerability

CVE ID

CVE-2014-7169

DESCRIPTION

It was found that the fix for CVE-2014-6271 was incomplete, and Bash still allowed\u00a0certain characters to be injected into other environments via specially crafted\u00a0environment variables. An attacker could potentially use this flaw to override or\u00a0bypass environment restrictions to execute shell commands. Certain services and\u00a0applications allow remote unauthenticated attackers to provide environment\u00a0variables, allowing them to exploit this issue.

\n\n

Unitrends Risk Assesment

\n\n

Unitrends, like all Linux/Unix/Mac platforms with bash, have been exposed for 27\u00a0years (since 1987). The exploit cannot introduce new code to the system, but\u00a0could run existing Linux commands to the existing shell and its children.\u00a0This can be exploited by using ssh, or with a custom http://...?var=string... (GET\u00a0string) to apache.

For the ssh method, it requires valid credentials to login first, so this is not a\u00a0significant risk. For the apache method, it would be minimal risk as the apache\u00a0user, but some UI functions could potentially be exposed. Commands run via sudo\u00a0are not affected by this issue.

\n\n

Vulnerability Test

\n\n

\nenv x='() { :;}; echo vulnerable' bash -c "echo this is a test"

\nIf the bash version is vulnerable, this will show:\n\n

\nvulnerable\nthis is a test

RESOLUTION

https://access.redhat.com/solutions/1207723\u00a0(10/09/2014)

Resolution for Bash Code Injection Vulnerability via Specially Crafted\u00a0Environment Variables (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186,\u00a0CVE-2014-7187, CVE-2014-6277, CVE-2014-6278) in Red Hat Enterprise Linux.

Fixed in:

\n\n

  • CentOS5: bash-3.2-33.el5_11.4 \u00a0(bash-3.2-33.el5.1 was the previous bash fix)
  • CentOS6: bash-4.1.2-15.el6_5.2 \u00a0(bash-4.1.2-15.el6_5.1 was the previous bash fix)

To update to the new version of bash with the fix, either do 'yum update bash' from\u00a0the command line, or perform an update from the UI.

LINK TO ADVISORIES

NOTES

For additional information, see:

\n\n

  • https://access.redhat.com/node/1200223 (information)
  • https://access.redhat.com/articles/1200223 (mitigation)
  • http://mirror.centos.org/centos/5/updates/ (CentOS5 updates)
  • http://mirror.centos.org/centos/6/updates/ (CentOS6 updates)
  • http://www.linuxcompatible.org/news/story/bashhaprox_security_updates_for_centos.html#40039
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us