ShellShock : The GNU Bash Injection Vulnerability

From TBwiki
Jump to: navigation, search


On September 24 2014, a vulnerability named "ShellShock" in the Bash shell was publicly announced. ShellShock is registered in the Common Vulnerabilities and Exposures system as CVE-2014-6271 and CVE-2014-7169. The vulnerability is related to the way in which shell functions are passed though environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is invoked. The Bash shell may be invoked by a number of processes including, but not limited to, telnet, SSH, DHCP, and scripts hosted on web servers.

Contents

Affected Products

  • TMG800, TMG3200, TMG7800-CTRL
  • Tdev Linux server with (CentOS, RedHat, etc) running Toolpack software

Details

The impact of this vulnerability on TelcoBridges products may vary depending on the attack vector. TelcoBridges performed tests using HTTP vectors and confirm that the ShellShock vulnerability cannot be exploited against Toolpack web portal. The ShellShock might be performed throughout an SSH attack vector, which require successful authentication to be exploited and may not result in any additional privileges granted to the user.

Software Versions and Fixes

TelcoBridges CentOS 5 repository have been updated with the latest Bash version.

Update procedure

WebPortal - TMG unit or Linux server with access to Internet (i.e. with DNS configured)

  1. login onto the WebPortal
  2. Select the 'Hosts' section
  3. Click on the hostname
  4. Click on the 'Status' tab
  5. Select 'Upgrade Linux packages' into the host 'Control Action'
  6. Click on the 'Apply action' button
  7. Repeat the process for all hosts listed

Command line interface - TMG unit or Linux server with access to Internet (i.e. with DNS configured)

  1. login with root account
[root@TB011107 ~]# uname -m
x86_64

If the result is not "x86_64", please contact TelcoBridges support, otherwise you can proceed with the method below.

  1. update OS packages with yum
yum clean all
yum update

TMG unit or Linux server without access to Internet

  1. download bash-3.2-33.el5_11.4.x86_64.rpm to your PC
  2. Using WinSCP or similar tool, upload the file to the TMG unit using the root account
  3. login with root account
  4. Install package
yum localinstall bash-3.2-33.el5_11.4.x86_64.rpm

Note: that operation might take a long time since yum will probably experience timeouts when trying to access the external repositories.

How to verify if the vulnerability is fixed?

  1. login with root account
  2. execute the following test command
env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'

You should not see the 'vulnerable' string displayed

Personal tools