ShellShock
Revision as of 04:09, 6 October 2014
On September 24, 2014, a vulnerability named "ShellShock" in the Bash shell was publicly announced on the US National Vulnerability Database (CVE-2014-6271 and CVE-2014-7169). The vulnerability is related to the way in which shell functions are passed through environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is invoked. The Bash shell may be invoked by a number of processes including, but not limited to, telnet, SSH, DHCP, and scripts hosted on web servers.
Affected Products
- TMG800, TMG3200, TMG7800-CTRL
- Any server with Linux (CentOS, RedHat, etc.) running Toolpack software
Details
The impact of this vulnerability on TelcoBridges products may vary depending on the attack vector. TelcoBridges performed tests using HTTP vectors and confirmed that the ShellShock vulnerability cannot be exploited against the Toolpack web portal. ShellShock might be exploited through an SSH attack vector, which requires successful authentication and may not grant the user any additional privileges.
Software Versions and Fixes
The TelcoBridges CentOS 5 repository has been updated with the latest Bash version.
Update procedure
- login with the root account and check the CPU architecture
[root@TB011107 ~]# uname -m
x86_64
If the result is not "x86_64", please contact TelcoBridges support, otherwise you can proceed with either method below.
TMG800/3200 unit with access to Internet (i.e. with DNS configured)
- login with root account
- update OS packages with yum
yum clean all
yum update
Update procedure if unit does NOT have access to Internet
- download bash-3.2-33.el5_11.4.x86_64.rpm from http://repo.telcobridges.com/centos/5/updates/x86_64/RPMS/bash-3.2-33.el5_11.4.x86_64.rpm to your PC
- Using WinSCP or similar tool, upload the file to the TMG unit using the root account
- login with root account
- Install package
yum localinstall bash-3.2-33.el5_11.4.x86_64.rpm
Note: this operation might take a long time, since yum will probably time out while trying to reach the external repositories.
How to verify if your Bash version is vulnerable?
- login with root account
- execute the following test command
env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
You should not see the 'vulnerable' string displayed
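An added example, not from the TelcoBridges page: the page's probe command and a check of the installed package wrapped as POSIX sh functions that report by exit status, so the verification can be run on many units and acted on by a script. The bash path and the package name are assumed defaults taken from this page.

```shell
#!/bin/sh
# Added example (not TelcoBridges code). Wraps the page's test command so
# that the result is available as an exit status, not only as screen output.

# Runs the page's probe against one bash binary (default: `bash` on PATH).
# Prints "patched" (return 0), "vulnerable" (return 1) or an error (return 2).
shellshock_check() {
    bash_bin="${1:-bash}"
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo "no bash found at '$bash_bin'" >&2
        return 2
    fi
    # A vulnerable bash executes the 'echo vulnerable' that trails the
    # function body while importing x from the environment; a patched one
    # treats x as an ordinary string and prints only the -c command.
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>/dev/null)
    case "$out" in
        *vulnerable*) echo vulnerable; return 1 ;;
        *)            echo patched;    return 0 ;;
    esac
}

# On the CentOS 5 units, also confirm the installed package is the one the
# page's repository ships (assumed default: bash-3.2-33.el5_11.4).
# Prints "ok" (return 0) only for that exact package, "outdated" (return 1)
# for anything else, or "unknown" (return 2) where rpm is not available.
bash_rpm_check() {
    expected="${1:-bash-3.2-33.el5_11.4}"
    command -v rpm >/dev/null 2>&1 || { echo unknown; return 2; }
    installed=$(rpm -q bash 2>/dev/null)
    case "$installed" in
        "$expected"*) echo ok;       return 0 ;;
        *)            echo outdated; return 1 ;;
    esac
}

# Usage on a unit:  shellshock_check /bin/bash; bash_rpm_check
```

A unit is only considered fixed when shellshock_check prints "patched"; bash_rpm_check is a secondary check and will report "outdated" for a package newer than the one named on this page.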