Bash Shell Security Flaw Isn't Fixed Just Yet
The Bash Shell (Bourne Again Shell) is one of the most used utilities on any UNIX system.
Last week, the folks at Red Hat Security found a security vulnerability with the Bash shell. The vulnerability has been dubbed as Shellshock.
Before we discuss how the vulnerability works, lets talk about environment variables in Linux. Environment variable provides a way to influence the behaviour of the software on the system, which consist of a name with a value assigned to it.
The vulnerability takes advantage of a flaw with the way environment variables were implemented in Bash. The flaw allows an attacker to create an environment variable with specially created values, which can allow the attacker to run malicious code as soon as the shell is invoked.
The flaw can be triggered when extra code is added to the end of the function. You may test your system by running the following command in Terminal on any Linux distro or Mac OS X:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"If you see the phrase "vulnerable this is a test" after you run the above command, that means your system is at risk.
On Friday, Red Hat released a patched version of Bash that fixes the above issues (partially, you'll see why in a moment).
Today, the folks at GNU have released a statement saying that the bug has only been patched for certain cases. The following case, where we use a common variable name 'cat', is still vulnerable:
$ cat <<EOF >test.sh
#!/bin/bash
cat /dev/null
EOF
$ chmod a+x test.sh
$ env cat='() { echo rm -rf /; }' ./test.shAs you will see if you run the above code (not recommended for novice users), the program will print "rm -rf /". If we set the malicious code to run in a system command (cat - which will output the contents following the command), the malicious code implemented by the attacker could run more than expected.
Apple has released a statement saying most OS X users are not vulnerable to the flaw, however from our testing we can see all version of OS X 10.9.x are affected by the vulnerability even though most users won't run into any issues.
The Shellshock flaw is not as bad as the press has made it sound, however if executed properly it could be harmful to your system. Most Linux and Mac users have nothing to worry about.
