How to check and fix Bash vulnerability in *NIX

Posted by on in Vulnerabilities
  • Font size: Larger Smaller
  • Hits: 5752
  • Comments
  • Print

Introduction

The blog http://www.silensec.com/blog/entry/vuln/command-execution-vulnerability-in-bash provides an introduction to the "Command Execution Vulnerability in Bash" and also how to test and fix it on a cgi-bin enabled web server using ModSecurity. Here we are going to show how to check if your installed "bash" version is affected by this vulnerability and how to upgrade it.


FreeBSD 10 - Bash

The default installation of FreeBSD 10 comes with bash version "4.3.24" and it is vulnerable. To test further you need to execute the following command in a FreeBSD bash shell:


$ env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

If the output shows the following two lines then we can confirm that the installed shell version is vulnerable:


Bash is vulnerable!
Bash Test

It is also possible to use the "pkg audit" command to check if the installed "bash" package is vulnerable:

# pkg audit

and if you see the following output then you need to update your installed bash:

bash-4.3.24 is vulnerable:
bash -- remote code execution vulnerability
CVE: CVE-2014-7169
CVE: CVE-2014-6271
WWW: http://portaudit.FreeBSD.org/71ad81da-4414-11e4-a33e-3c970e169bc2.html

 

In order to update bash in FreeBSD the following command can be executed:


pkg upgrade bash

 

If the upgrade goes well then you will get the following message:


Installed packages to be UPGRADED:
bash: 4.3.24 -> 4.3.25_1

 

To make sure that the upgraded bash fixed the vulnerability re-run the env command and the output should not contain the following line:

 

Bash is vulnerable!

 

RedHat/CentOS/Fedora/Debian/Ubuntu - BASH

In RedHat/CentOS/Fedora the bash versions prior to 4.2 are vulnerable and they must be updated with the following command:

# yum update bash

To check if the vulnerability got fixed you can execute the "env" command shown above and the output should not contain the "Bash is vulnerable!" line.


In order to update bash in Debian/Ubuntu execute the following commands:

# apt-get update

# apt-get upgrade

 

 

 

 

 

 

Last modified on
Rate this blog entry:
0
blog comments powered by Disqus

Silensec HQ (Cyprus)

  • Address: G & N Court, 41 Pafou Street, 3051 Limassol, Cyprus
  • Email: info@silensec.com
  • Tel.: +357 99 883356

Silensec Africa

  • Address: Woodvale Place, 3rd Floor, Woodvale Groove Road, Westlands
  • PO Box 25388-00100 GPO, Nairobi, Kenya
  • Email: info@silensec.com
  • Tel.: +254 (0)20 8071814

Silensec UK

  • Address: Sheffield Technology Parks, Cooper Buildings, Arundel Gate, Sheffield S1 2NS, England
  • Email: info@silensec.com
  • Tel.: +44 (0)114 2211868

CYBER RANGES Canada

  • Address: 10th Floor, Suite 1000, Bankers Hall West, 888 3rd Street SW, Calgary, AB T2P 5C5, Canada
  • Email: contact@cyberranges.com
  • Tel.: 1-800-959-0163 (toll-free)
  • Web: www.cyberranges.com   

Silensec Corp. (USA)

  • Address: 251 Little Falls Drive, Wilmington, New Castle County, DE 19808, USA
  • Email: contact@cyberranges.com
  • Tel.: 1-800-959-0163 (toll-free)
  • Web: www.cyberranges.com