
Bash Vulnerability Check & Fix



Hi - does anyone have suggestions on the below? Appears to have worked. Adapted from the web and modified for my own results.
Regards Victor
(ISO)

Bash Vulnerability

Check System Vulnerability
On each of your systems that run Bash, you may check for Shellshock vulnerability by running the following command at the bash prompt:

env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

The highlighted "echo Bash is vulnerable!" portion of the command represents where a remote attacker could inject malicious code. Therefore, if you see the following output, your version of Bash is vulnerable and should be updated:

"Bash is vulnerable!
Bash Test"

Otherwise, you will just see "Bash Test".

You have the option to just upgrade bash. 
apt-get update
apt-get install --only-upgrade bash

On Debian Wheezy I saw:
(Preparing to replace bash 4.2-4)
(Setting up bash (4.2+dfsg-0.1+deb7u3)


To check a particular system for the vulnerabilities (or see if the upgrade works), you can check the bash versions that you are using and see if the version is affected (it probably is), or use one of the numerous shell scripts available on the web.
https://github.com/hannob/bashcheck

bashcheck: Test script for Shellshock and related vulnerabilities


cd /usr/sec
wget https://raw.githubusercontent.com/hannob/bashcheck/master/bashcheck
chmod +x bashcheck
./bashcheck

On upgraded Debian Wheezy I saw:
"Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Vulnerable to CVE-2014-6277 (lcamtuf bug #1) [no patch]
Vulnerable to CVE-2014-6278 (lcamtuf bug #1) [prefix/()-suffix]
Variable function parser inactive, likely safe from unknown parser bugs"
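
An added example, not part of the original post: the CVE-2014-6271 check quoted above, wrapped so it can be run against every bash binary on a host and return an exit status, since a package upgrade only replaces the packaged binary. The function names (classify_output, probe_bash, list_bash_binaries, check_all) and the --all switch are made up for this example, and it covers only the original Shellshock test, not the later CVEs that bashcheck reports.

```shell
#!/bin/sh
# Added example: automate the CVE-2014-6271 check from the post.
# All function names are hypothetical, chosen for this example.

MARKER='Bash is vulnerable!'

# classify_output TEXT -> "vulnerable" | "not-vulnerable" | "error"
classify_output() {
    case $1 in
        *"$MARKER"*)   echo "vulnerable" ;;      # the injected echo ran
        *"Bash Test"*) echo "not-vulnerable" ;;  # only the intended command ran
        *)             echo "error" ;;           # binary missing or crashed
    esac
}

# probe_bash PATH: run the post's test against one specific binary.
probe_bash() {
    if [ ! -x "$1" ]; then echo "error"; return 0; fi
    out=$(env VAR="() { :;}; echo $MARKER" "$1" -c 'echo Bash Test' 2>/dev/null) || true
    classify_output "$out"
}

# list_bash_binaries: bash entries in /etc/shells plus the bash on PATH.
list_bash_binaries() {
    {
        if [ -r /etc/shells ]; then grep -E '^/.*/bash$' /etc/shells || true; fi
        command -v bash || true
    } | sort -u
}

# check_all: one line per binary (path, version, verdict); returns 1 if any
# binary is not confirmed clean, so it can gate a cron job or CI step.
check_all() {
    rc=0
    for b in $(list_bash_binaries); do
        verdict=$(probe_bash "$b")
        version=$("$b" --version 2>/dev/null | head -n 1) || true
        printf '%s\t%s\t%s\n' "$b" "$version" "$verdict"
        [ "$verdict" = "not-vulnerable" ] || rc=1
    done
    return "$rc"
}

if [ "${1:-}" = "--all" ]; then check_all; fi
```

Run it with --all to print the table; a non-zero exit status means at least one binary still needs the upgrade shown earlier in the post.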
