Enabling good business
 

Security holes in Bash affects OS X and Linux

by Niklas Bendelius in Nyheter

Drive to Mac OS X may not immediately think of a security hole in something that runs in the terminal can be a problem. If you drive Linux you quickly realize that this is the case. The latest security hole in Bash, however, are both platforms and this is a most serious bug you should take seriously.

The bug in Bash means that through a bug in Bash version 3.2 can be tricked into executing code in the terminal not only locally on your machine, but also through the network:

“Bash supports Exporting Note right shell variables, but overpriced shell functions to other bash instances, through the process environment to (Indirect) child processes. Current bash versions use an environment variable named by the function name, and a function definition starting with ”() {” in the variable value to propagate function definition through the environment. The vulnerability Occurs Because Bash does not stop after processing the function definition; IT continues to parse and execute shell commands following the function definition. For example, an environment variable setting of

VAR = () {ignored; }; / bin / id

will execute / bin / id When The environment is Imported Into the bash process. (The process is in a slightly undefined state at this point. The PATH variable May not have been set up yet, and bash Could Crash after executing / bin / id, but the damage HAS Already Happened at this point.)

The Fact that an environment variable with an arbitrary name can be used as a carrier for a malicious function containing trailing commands makes this vulnerability particularly severe; IT enables network-based exploitation.

A patch for Linux is likely already released for your distribution (Centos 6.5 can be patched as of now), but for Mac OS X the situation is worse then Apple’s not directly known to react quickly to this type of problem. Are you reasonably technically literate, you can patch the Bash in OS X by reading more here

You can easily test if your computer is affected by this vulnerability. Open a terminal and make sure you have Bash as the shell. Then type the following:

env x = ’() {:;}; echo vulnerable ’bash -c’ echo hello ’

If you get the following response in the terminal, you know that your computer is affected:

vulnerable

hello

If your machine is safe from the security hole you get the following response:

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for `x ’

hello

If your system is affected and you have your machine connected to the Internet, disconnect it from the network immediately until the bug has been rectified for your operating system.

Tags: , , , , , , , , , , ,

Comments are closed.