[Important] Security issue on Unix/Linux due to a Bash shell bug

By Nethru Limited (www.nethru.com)

A few months ago, the Heartbleed bug in OpenSSL had a wide impact. Recently, a bug was found in the Bash shell that creates security issues for many Unix and Linux systems.

In simple terms, this bug is related to how Bash handles and processes the environment variables passed by the OS or by a program calling a Bash script. Since most Unix/Linux systems are configured with Bash as the default shell, it allows attackers to attack these systems via web requests, SSH, telnet sessions, or other programs that use Bash to execute scripts.

The affected versions of Bash include 1.14 through 4.3. Luckily, patches have been issued for most of the affected operating systems, including:

  • Red Hat Enterprise Linux (version 4 to 7) and the Fedora distribution
  • CentOS (version 5 to 7)
  • Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS
  • Debian

If you are unsure whether your system is vulnerable to the bug, here is a simple test that can help you find out. Open a command-line terminal and type the following line.

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

For a vulnerable system, the output will be

vulnerable
this is a test

For an unaffected system, the output will be

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
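
To run the same check against every Bash binary installed on a host, the one-line test above can be wrapped in a small script. This is an added example, not part of the original article; the function names and the default list of paths are assumptions.

```shell
#!/bin/sh
# Added example: wraps the article's test command. Names are illustrative.

# classify_output TEXT: interpret the output of the article's test command.
classify_output() {
    case $1 in
        vulnerable*)       echo VULNERABLE ;;      # the injected "echo vulnerable" ran
        *"this is a test") echo NOT_VULNERABLE ;;  # only the intended command ran
        *)                 echo UNKNOWN ;;         # shell missing or failed to start
    esac
}

# check_bash BIN: run the article's probe against one shell binary.
check_bash() {
    [ -x "$1" ] || { echo UNKNOWN; return 0; }
    # Patched versions print their warnings on stderr, so only stdout is kept.
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>/dev/null) || :
    classify_output "$out"
}

# scan_bash [BIN...]: report each existing candidate; status 1 if any is vulnerable.
# The default paths are assumed common install locations, not an exhaustive list.
scan_bash() {
    [ $# -gt 0 ] || set -- /bin/bash /usr/bin/bash /usr/local/bin/bash
    rc=0
    for b in "$@"; do
        [ -e "$b" ] || continue
        verdict=$(check_bash "$b")
        printf '%s\t%s\n' "$verdict" "$b"
        [ "$verdict" = VULNERABLE ] && rc=1
    done
    return $rc
}

scan_bash "$@" || echo "At least one Bash binary needs updating." >&2
```

Pass extra paths as arguments to cover copies of Bash installed outside the default locations, for example ones bundled with an application.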

If you find that your system is vulnerable, update the Bash shell immediately.
If you would like to know more about the Bash shell bug, you can find more references here:
http://www.engadget.com/2014/09/24/bash-shell-security-flaw/
http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
