[CRITICAL VULNERABILITY] RHEL - Printable Version
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: Other (https://sampforum.blast.hk/forumdisplay.php?fid=7)
+--- Forum: Everything and Nothing (https://sampforum.blast.hk/forumdisplay.php?fid=23)
+--- Thread: [CRITICAL VULNERABILITY] RHEL (/showthread.php?tid=538934)
+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: Other (https://sampforum.blast.hk/forumdisplay.php?fid=7)
+--- Forum: Everything and Nothing (https://sampforum.blast.hk/forumdisplay.php?fid=23)
+--- Thread: [CRITICAL VULNERABILITY] RHEL (/showthread.php?tid=538934)
[CRITICAL VULNERABILITY] RHEL - ErickOwnZ - 25.09.2014
Hello all,
We received this email today:
Код:
Hello,
We're emailing all our customers that use Authy for their SSH shells. We wanted to let you know that today, a critical vulnerability in bash (Bourne-Again-SHell) was disclosed by Stephane Chazelas.
This vulnerability is so critical that even if you have Two-Factor Authentication an attacker would be able to by-pass the two-factor verification and execute commands remotely on your server.
We recommend you update now.
Here's a few things to help you:
To test if you are vulnerable you can use the following command:
env t='() { :;}; echo You are vulnerable.' bash -c "true"
If it prints "You are vulnerable" you need to upgrade as soon as possible. Patches for the major Linux distributions have been already released.
If you are using a Ubuntu or Debian type the following commands to apply the security patch:
apt-get update
apt-get upgrade
If you are using RedHat, CentOS or Fedora type the following commands to apply the security patch:
yum clean all
yum update bash
If you want to know more about this vulnerability please read the following thread on the oss-sec mailing list:
http://seclists.org/oss-sec/2014/q3/650
Authy Engineering Team
http://www.osvdb.org/show/osvdb/112004
http://www.scip.ch/en/?vuldb.67685
Re: [CRITICAL VULNERABILITY] RHEL - renegade334 - 25.09.2014
OS X is also affected, of course, although Apple haven't released an update yet, so you'll have to manually recompile if you want to patch it.
To elaborate: this vulnerability was semi-patched, but a variant of the malicious-environment-variable-execution bug was subsequently discovered not to be covered by the original patch. This secondary vulnerability has been assigned as CVE-2014-7169. I don't believe a patch has yet been released. Stay on top of your package upgrades for the next few days.
The following demonstrates the secondary vulnerability:
Код:
$ ls -l echo
ls: cannot access echo: No such file or directory
$ bash -c 'echo date -R'
date -R
$ env -i X='() { (a)=>\' bash -c 'echo date -R'
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
$ ls -l echo
-rw-rw-r-- 1 renegade renegade 32 Sep 25 12:29 echo
$ cat echo
Thu, 25 Sep 2014 12:29:43 +0100
In any case, you're only vulnerable if you have a scenario where someone can set environment variables in the same environment that bash is running in - that includes CGI bash scripts and physical terminal access. However, a properly secured SSH environment isn't inherently vulnerable, unless a malicious user is able to get to login and get to the stage where they have access to a shell environment.
Edit: This topic should be renamed - the vulnerability is not in Red Hat Enterprise Linux, nor does it solely affect RHEL users.
Respuesta: Re: [CRITICAL VULNERABILITY] RHEL - ErickOwnZ - 25.09.2014
Quote:
|
Originally Posted by renegade334
 OS X is also affected, of course, although Apple haven't released an update yet, so you'll have to manually recompile if you want to patch it.
To elaborate: this vulnerability was semi-patched, but a variant of the malicious-environment-variable-execution bug was subsequently discovered not to be covered by the original patch. This secondary vulnerability has been assigned as CVE-2014-7169. I don't believe a patch has yet been released. Stay on top of your package upgrades for the next few days. The following demonstrates the secondary vulnerability: Код:
$ ls -l echo
ls: cannot access echo: No such file or directory
$ bash -c 'echo date -R'
date -R
$ env -i X='() { (a)=>\' bash -c 'echo date -R'
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
$ ls -l echo
-rw-rw-r-- 1 renegade renegade 32 Sep 25 12:29 echo
$ cat echo
Thu, 25 Sep 2014 12:29:43 +0100
In any case, you're only vulnerable if you have a scenario where someone can set environment variables in the same environment that bash is running in - that includes CGI bash scripts and physical terminal access. However, a properly secured SSH environment isn't inherently vulnerable, unless a malicious user is able to get to login and get to the stage where they have access to a shell environment. Edit: This topic should be renamed - the vulnerability is not in Red Hat Enterprise Linux, nor does it solely affect RHEL users. |
AW: [CRITICAL VULNERABILITY] RHEL - Mellnik - 25.09.2014
.cgi people will suffer.
Re: [CRITICAL VULNERABILITY] RHEL - renegade334 - 01.10.2014
I've put together a test script for these vulnerabilities, if anyone needs to check.
http://www.renegade334.me.uk/node/10
Re: [CRITICAL VULNERABILITY] RHEL - Matt - 01.10.2014
Quote:
|
Originally Posted by renegade334
OS X is also affected, of course, although Apple haven't released an update yet, so you'll have to manually recompile if you want to patch it.
|