CVE-2014-7169 bash vulnerability

CVE-2014-7169: BASH Vulnerability Affecting Linux & OS X Systems

What is CVE-2014-7169

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi & mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, & other situations in which setting the environment occurs across a privilege boundary from Bash execution.

The Bash vulnerability is supposed to be of higher criticality than Heartbleed. It’s found in all versions of the bash package shipped by Red Hat, it’s unclear since when it’s been there. With the CVE-2014-7169 bash vulnerability, users may have the capability of arbitrary code execution. Certain services & applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue

How to Check

To test if your version of Bash is vulnerable to this issue, run the following command:

$ env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”

If you see below output you are safe
env-x-echo-vulnerable-bash-c-echo-this-is-a-test-safe
But if you receive this than your server is vulnerable to the bug.
env-x-echo-vulnerable-bash-c-echo-this-is-a-test-vulnerable

How to Fix

Note: it’s a temporary fix released by Red Hat Security Response Team. The team is working on a full fix for which they are expected to release the patch soon.

To fix this problem (for now) you will have to upgrade the bash on your server. Upgrade bash using “YUM”

yum upgrade bash

yum-upgrade-bash-complete
Once you receive the “Complete!” message, execute the command we have mentioned earlier to check if the server is vulnerable or not. Now you will able to see the following output.

env-x-echo-vulnerable-bash-c-echo-this-is-a-test-safe

Please restart/reboot your Server for the new bash package to take effect

External References:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
https://bugzilla.redhat.com/show_bug.cgi?id=1141597
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
https://access.redhat.com/articles/1200223
https://access.redhat.com/security/cve/CVE-2014-6271