Partner links

Bash susceptible to environment variables code injection attack

patched Bash bug Linux Mint

A security adversary posted at Red Hat’s security blog and referenced at US-CERT has warned users of the Bash shell of a “specially-crafted environment variables code injection attack.”

That means UNIX-based operating systems that use the Bash shell are affected. That includes all Linux distributions and Apple’s Mac OS X.

According to the blog post cited above:

… the vulnerability arises from the fact that you can create environment variables with specially-crafted values before calling the bash shell. These variables can contain code, which gets executed as soon as the shell is invoked. The name of these crafted variables does not matter, only their contents.

The flaw is said to have been fixed in Red Hat Enterprise Linux and a package that fixes it shipped for Fedora, but I am running a fully updated Fedora 20 KDE and the package has not comes across. To test whether your copy of Bash is vulnerable, issue this command: <strong>env x='() { :;}; echo vulnerable' bash -c "echo LinuxBSDos.com</strong>. If your Bash is vulnerable, you should see both echoed texts.

This screenshot shows the result of the test on my Fedora 20 desktop.
Bash code injection attack

On my laptop running Linux Mint 17 Cinnamon, the test showed that it, too, is vulnerable. However, after updating it, the test passed. The following screenshots shows the results of the test before and after the updated was applied.

Bash test on Linux Mint 17 before code injection attack update.
Bash bug Linux Mint

Bash test on Linux Mint 17 after updating the system.
patched Bash bug Linux Mint

UPDATE: If you use Fedora 20, your only option, before an update is pushed through the system, is to patch it manually. To do that, type the following command, as root: <strong>yum localinstall https://kojipkgs.fedoraproject.org//packages/bash/4.2.47/4.fc20/x86_64/bash-4.2.47-4.fc20.x86_64.rpm</strong>. That came from this post. For other editions of Fedora, see this other post.

Share:

Share on facebook
Facebook
Share on twitter
Twitter
Share on pinterest
Pinterest
Share on linkedin
LinkedIn

Partner links

Newsletter: Subscribe for updates

Subscribe
Notify of
guest
6 Comments
Inline Feedbacks
View all comments
CFWhitman
CFWhitman
7 years ago

The article says, “That includes all Linux distributions…” It would be more accurate to say, “most Linux distributions,” or better yet, “virtually all Linux desktops and servers.” Most versions of embedded Linux don’t include bash and are not vulnerable. However, most distributions for customizable semi-embedded devices like the Raspberry Pi are/were vulnerable.

lazerbeam
lazerbeam
7 years ago

it’s the final ” that is missed in your example…

env x='() { :;}; echo vulnerable’ bash -c “echo LinuxBSDos.com

TLW
TLW
7 years ago

on the last point of your command text, there is no this one “

TLW
TLW
7 years ago

thxs for your contribution, but in your command text is on the end a fail:

Must be:

env x='() { :;}; echo vulnerable’ bash -c “echo LinuxBSDos.com”

Greetings TLW

Get the latest

On social media

Security distros

Hacker
Linux distros for hacking and pentesting

Crypto mining OS

Bitcoin
Distros for mining bitcoin and other cryptocurrencies

Crypto hardware

MSI GeForce GTX 1070
Installing Nvidia GTX 1070 GPU drivers on Ubuntu

Disk guide

LVM
Beginner's guide to disks & disk partitions in Linux

Bash guide

Bash shell terminal
How to set the PATH variable in Bash
Categories
Archives
6
0
Hya, what do you think? Please comment.x
()
x