Diagnostic Steps:
If your system is not vulnerable, you will see output similar to:
$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `BASH_FUNC_x'
test
If your system is vulnerable, you will see output similar to:
$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
vulnerable
bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable'
bash: error importing function definition for `BASH_FUNC_x'
test
If the output of the above command contains a line containing only the word
vulnerable you are using a vulnerable version of Bash. The patch
used to fix this issue ensures that no code is allowed after the end of a Bash
functionIf your system is not vulnerable, you will see output similar to:
$ cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
date
cat: /tmp/echo: No such file or directory
If your system is vulnerable, the time and date information will be output on the screen and a file called /tmp/echo will be created.
$ cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
Tue Sep 30 09:57:39 EDT 2014
$ ls -ld /tmp/echo
-rw-rw-r-- 1 abcd abcd 29 Sep 30 09:57 /tmp/echo
Solution :
If your system is vulnerable, you can fix these issues by updating to the most recent version of the Bash package by running the following command:
# yum update bash
No comments:
Post a Comment