LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
Reload this Page bash is still vulnerable? CVE-2014-7186
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 11-03-2014, 10:45 AM   #1
zerouno
Member
 
Registered: Oct 2009
Location: Italy
Distribution: Slackware
Posts: 983

Rep: Reputation: 352Reputation: 352Reputation: 352Reputation: 352
bash is still vulnerable? CVE-2014-7186

slackware64-current

bash-4.3.027-x86_64-1

from https://shellshocker.net/

Code:
$ bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"
Segmentation fault
CVE-2014-7186 vulnerable, redir_stack
all other tests are not vulnerable.
 
Old 11-03-2014, 12:19 PM   #2
GazL
LQ Veteran
 
Registered: May 2008
Posts: 6,896

Rep: Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018Reputation: 5018
I believe Pat's stance on this is that the patch that added the BASH_FUNC_ prefix is sufficient mitigation, so no further action is necessary. It doesn't matter how bad the parser is if it's not exposed to untrusted input.

I took it a step further and patched-out function importing completely, but that's a personal choice: belt-and-bracers.
 
1 members found this post helpful.
Old 11-03-2014, 12:29 PM   #3
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982

Rep: Reputation: 492Reputation: 492Reputation: 492Reputation: 492Reputation: 492
Yes, both the -current and 14.1 bash versions are vulnerable to this and maybe others. That's why I built my own with exported functions completely disabled ... and it is not vulnerable.

Code:
bash-4.2$ bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
 
Old 11-03-2014, 01:37 PM   #4
moisespedro
Senior Member
 
Registered: Nov 2013
Location: Brazil
Distribution: Slackware
Posts: 1,223

Rep: Reputation: 195Reputation: 195
On Slackware64 14.1 I am running:

Code:
pedro@slack [~] $ ls /var/log/packages/ | grep bash
bash-4.2.053-x86_64-1_slack14.1
And it is not vulnerable:
Code:
$ bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"                                                                                                                                                        
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
 
Old 11-04-2014, 12:24 PM   #5
gengisdave
Member
 
Registered: Dec 2013
Location: Turin, Italy
Distribution: slackware
Posts: 328

Rep: Reputation: 74
it seems this was fixed in 4.3 patchlevel 28
Last edited by gengisdave; 11-04-2014 at 12:29 PM.
 
1 members found this post helpful.
Old 11-04-2014, 12:40 PM   #6
Nh3xus
Member
 
Registered: Jan 2013
Location: France
Distribution: Slackware 14.1 32 bits
Posts: 211

Rep: Reputation: 57
Quote:
it doesn't matter how bad the parser is if it's not exposed to untrusted input.
Not sure if the parser is involved, but dhcpcd needs to interact with Bash.

So bash is exposed to the DHCP handshake and was vulnerable to a PoC that granted an attacker to run arbitrary code from a malicious DHCP server.

Basically, you could add any bash command to the Option flag of the DHCP handshake procedure and the remote DHCP client would execute it as root.
 
Old 11-07-2014, 10:54 AM   #7
j_v
Member
 
Registered: Oct 2011
Distribution: Slackware64
Posts: 364

Rep: Reputation: 67
Just a note: bash-4.2 is up to patch level 53 and bash-4.3 is up to patch level 30.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Bash "shellshock" CVE-2014-6271 CVE-2014-7169 - vulnerability in bash charly78 Debian 21 10-02-2014 08:31 AM
[SECURITY NOTICE!] Bash 4.3 (shellshock, CVE-2014-6271 and CVE-2014-7169) ReaperX7 Linux From Scratch 2 09-28-2014 06:47 AM
Bash "shellshock" CVE-2014-6271 CVE-2014-7169 - Bash Bug Fix enorbet Slackware 42 09-27-2014 12:44 AM
LXer: Shellshock update: bash packages that resolve CVE-2014-6271 and CVE-2014-7169 available LXer Syndicated Linux News 1 09-26-2014 01:43 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 06:21 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration