Log inUsernamePassword
Log me on automatically each visit    
Register
Register
Log in to check your private messages
Log in to check your private messages
SMS Forum Index » Bugs

Post new topic   Reply to topic
Caution! bash Shellshock vulnerability!
View previous topic :: View next topic  
Author Message
Ansy
Member


Joined: 24 Feb 2011
Posts: 42
Location: RUSSIA

PostPosted: Fri Sep 26, 2014 8:18 am    Post subject: Caution! bash Shellshock vulnerability! Reply with quote

http://www.kb.cert.org/vuls/id/252743

Quote:
GNU Bourne Again Shell (Bash) ‘Shellshock’ Vulnerability (CVE-2014-6271, CVE-2014-7169)

A critical vulnerability has been reported in the GNU Bourne Again Shell (Bash), the common command-line shell used in most Linux/UNIX operating systems and Apple’s Mac OS X. The flaw could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables used by the operating system.


When will be fix available for SMS?

_________________
In CODe we TRUST!
Back to top
View user's profile Send private message ICQ Number
Ansy
Member


Joined: 24 Feb 2011
Posts: 42
Location: RUSSIA

PostPosted: Fri Sep 26, 2014 11:58 am    Post subject: Quick fix from Slackware Reply with quote

Quick fix from Slackware:
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.309194

for 32-bit:

wget ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/bash-3.1.018-i486-3_slack13.0.txz
installpkg bash-3.1.018-i486-3_slack13.0.txz


for 64-bit:

wget ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/bash-3.1.018-x86_64-3_slack13.0.txz
installpkg bash-3.1.018-x86_64-3_slack13.0.txz


Check the CPU architecture TWICE!
Other you are in trouble, copying right binary bash manually!

_________________
In CODe we TRUST!


Last edited by Ansy on Fri Sep 26, 2014 12:38 pm; edited 1 time in total
Back to top
View user's profile Send private message ICQ Number
asphyx
Junior Member


Joined: 27 Sep 2012
Posts: 6

PostPosted: Fri Sep 26, 2014 12:15 pm    Post subject: Reply with quote

Code:
uname -a
Linux test2 3.4.55-smp #2 SMP Mon Jul 29 09:38:51 EEST 2013 i686 AMD Athlon(tm) II X2 250 Processor AuthenticAMD GNU/Linux


Code:
date
Fri Sep 26 10:11:03 EEST 2014


Code:
cat /etc/slackware-version
Slackware 14.0


How to test the system ?

Code:
env X="() { :;} ; echo busted" /bin/sh -c "echo stuff"
busted
stuff


Code:
wget -c ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/bash-4.2.048-i486-2_slack14.0.txz


Code:
upgradepkg bash-4.2.048-i486-2_slack14.0.txz


After upgrading !!!

Code:
env X="() { :;} ; echo busted" /bin/sh -c "echo stuff"
/bin/sh: warning: X: ignoring function definition attempt
/bin/sh: error importing function definition for `X'
stuff
Back to top
View user's profile Send private message
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1743
Location: Greece

PostPosted: Fri Sep 26, 2014 5:59 pm    Post subject: Reply with quote

I'm rebuilding repos and uploading new bash packages in a few minutes...
No need to downgrade bash as slackware's current (bash-4.3) will do as well, SMS use those anyway...

Sorry for the delay...

p.s. there wil be a second update today with other packages as well... Wink

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
Back to top
View user's profile Send private message Visit poster's website
Ansy
Member


Joined: 24 Feb 2011
Posts: 42
Location: RUSSIA

PostPosted: Sat Sep 27, 2014 11:19 am    Post subject: Reply with quote

gerasimos_h, thanks! Smile

slapt-get --update
slapt-get --upgrade

... all done!

I wonder what services are vulnerable in SMS by this bug... may be Webmin, phpMyAdmin, rtorrent or something else?

_________________
In CODe we TRUST!
Back to top
View user's profile Send private message ICQ Number
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1743
Location: Greece

PostPosted: Sat Sep 27, 2014 2:16 pm    Post subject: Reply with quote

Probably none, since there is no shell access anyway, on those services...

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
Back to top
View user's profile Send private message Visit poster's website
asphyx
Junior Member


Joined: 27 Sep 2012
Posts: 6

PostPosted: Tue Sep 30, 2014 12:16 pm    Post subject: Reply with quote

The saga continues !

http://www.theregister.co.uk/2014/09/30/third_patch_brings_more_admin_shellshock_for_the_battered_and_bashed/

The new patches from slackware.com

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2014&m=slackware-security.559646
Back to top
View user's profile Send private message
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1743
Location: Greece

PostPosted: Tue Sep 30, 2014 2:09 pm    Post subject: Reply with quote

Already available in SMS repos, although, I don't want to sound too naive but in our case,"shellshock", i dare to say, it's not something serious...

Even if you take it as a local root exploit, (ain't though) even a user can't get root access or access non permissive locations...

Apache or nobody users, for instance don't have shell access, so no problem either...

Its just that in linux community we take security issues serious, and we should anyway... Wink

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
Back to top
View user's profile Send private message Visit poster's website
jeffshultz
Junior Member


Joined: 11 Oct 2014
Posts: 2

PostPosted: Sat Oct 11, 2014 6:35 am    Post subject: Still vulnerable? Reply with quote

I see from shellshocker.net that Bash is now up to Patch 30 or so... and when I run their shell based vulnerability test I come up vulnerable for the redir_stack bug (CVE-2014-7186):

root@newmail:/etc/mail# curl https://shellshocker.net/shellshock_test.sh |bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2627 100 2627 0 0 6658 0 --:--:-- --:--:-- --:--:-- 7119
CVE-2014-6271 (original shellshock): not vulnerable
CVE-2014-6277 (segfault): not vulnerable
CVE-2014-6278 (Florian's patch): not vulnerable
CVE-2014-7169 (taviso bug): not vulnerable
bash: line 50: 19389 Segmentation fault bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2> /dev/null
CVE-2014-7186 (redir_stack bug): VULNERABLE
CVE-2014-7187 (nested loops off by one): not vulnerable
CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable

Are you going to be posting Bash 4.3.30 sometime in the near future? I'm leaving my webserver off and outside SSH access blocked in the meantime. Attempting to patch up to .30 using their script flat out doesn't work.

--
Jeff Shultz
Back to top
View user's profile Send private message
gerasimos_h
Site Admin


Joined: 09 Aug 2007
Posts: 1743
Location: Greece

PostPosted: Sat Oct 11, 2014 1:39 pm    Post subject: Reply with quote

I'll provide bash updates later today along with other packages...

No need for shutdown apache though as apache don't have shell access, and if you don't have other local users with shell access no need to shutdown ssh either...

gerasimos_h

_________________
Superb! Mini Server Project Manager
http://sms.it-ccs.com
Back to top
View user's profile Send private message Visit poster's website
jeffshultz
Junior Member


Joined: 11 Oct 2014
Posts: 2

PostPosted: Sat Oct 11, 2014 9:41 pm    Post subject: Reply with quote

Thanks - I'm very glad to hear that!
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    SMS Forum Index » Bugs All times are GMT + 2 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum

SMS - Superb! Mini Server Project © 2016
Powered by phpBB © 2001, 2002 phpBB Group
iCGstation v1.0 Template By Ray © 2003, 2004 iOptional