[Triumf-linux-managers] [ Technical Alert ] Bash code-injection vulnerability
Konstantin Olchanski
olchansk at triumf.ca
Thu Sep 25 11:56:29 PDT 2014
On Wed, Sep 24, 2014 at 04:20:58PM -0700, Andrew Daviel wrote:
> On Wed, 24 Sep 2014, Kelvin Raywood wrote:
>
> >More info, including a table of version numbers of the fixed packages
> >is available at:
> >
> > https://access.redhat.com/articles/1200223
>
>
> There is a very simple test described in
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
> along with a list of vulnerable scenarios (e.g regular DHCP client
> with a compromised server)
>
> viz.
>
> $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>
The published patch bash-4.1.2-15.el6_5.1.x86_64 is defective,
"env -i X='() { (a)=>\' bash -c 'date'" will create a file "date", plus
some other badness posted at https://bugzilla.redhat.com/show_bug.cgi?id=1141597#c24
There is a new CVE, no patch yet.
--
Konstantin Olchanski
Data Acquisition Systems: The Bytes Must Flow!
Email: olchansk-at-triumf-dot-ca
Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada
More information about the Triumf-linux-managers
mailing list