WordPress.com



Shell Shock Vulnerability

Bash is a Unix shell, a replacement for the Bourne shell (sh). It has been distributed widely as the shell for the GNU operating system and as a default shell on Linux and Mac OS X. It has been ported to Microsoft Windows and distributed with Cygwin and MinGW, to DOS by the DJGPP project, to Novell NetWare and to Android via various terminal emulation applications. In the late 1990s, many shells were in common use, of which Bash was a minor player, unlike presently where Bash has overwhelming favor.

Bash is a command processor, typically run in a text window, allowing the user to type commands which cause actions. Bash can also read commands from a file, called a script. Like all Unix shells, it supports filename wildcarding, piping, here documents, command substitution, variables and control structures for condition-testing and iteration. The keywords, syntax and other basic features of the language were all copied from sh. Other features, e.g., history, were copied from csh and ksh. Bash is a POSIX shell, but with a number of extensions.

Shellshock (CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6377) is a vulnerability in GNU's bash shell that gives attackers access to run remote commands on a vulnerable system.

First, check the version of bash. Run the command:

    bash --version

Now enter the code for the test:

    env var='() { :;}; echo this is vulnerable' bash -c "test"

In case we get:

    bash: var: line 0: syntax error near unexpected token `{:'
    bash: var: line 0: `var () {:;}; echo this is vulnerable'
    bash: error importing function definition for `var'

this means that Bash is vulnerable.

Let's check for RHEL 6 on my VM.

Shellshock is a vulnerability in bash. In order to patch your vulnerable system, you will need to get the most up to date version of bash available from . Depending on your package manager (yum, apt-get, etc.) you may be able to just run a yum update and you'll be good to go.

Now, moving ahead, we will try to fix the vulnerability by downloading the latest bash update.

1. Go to the home directory: cd ~/
2. Create a bash folder to download the bash update into: mkdir bash
3. Move into the bash folder: cd bash
4. As we are in the folder now, download the update with "wget". After that we will install the bash update.

Below is the screenshot.

Download all the patches.

Now extract the tar file by using the command:

    tar zxvf bash-4.3.tar.gz

Move inside the bash-4.3 folder and install:

    cd bash-4.3
    for i in $(seq -f "%03g" 0 26); do patch -p0 < ../bash43-$i; done
    ./configure && make && make install

Now enter the code for the test again to check whether bash is still vulnerable:

    env var='() { :;}; echo this is vulnerable' bash -c "test"

As the environment variable is not being accepted by the bash shell, this clears the vulnerability for my RHEL 6 version.
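A plain "./configure && make && make install" installs under /usr/local by default, so the distribution's own /bin/bash can remain the old binary while the test above, which runs whichever "bash" comes first in PATH, reports a clean result. The script below is an added example, not part of the original page: it runs the page's test against each bash binary by explicit path and treats the marker as evidence only when it appears as its own line on standard output. The function names and the list of candidate paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page): run the page's Shellshock test
# against every bash binary by explicit path, not just the first one in PATH.

MARKER='this is vulnerable'   # marker string used by the page's test

# probe_bash BINARY: return 0 if BINARY executed the command that follows the
# function definition in the variable (marker printed on stdout), 1 otherwise.
probe_bash() {
    # stderr is discarded: an error message that merely quotes the variable
    # is not evidence that the trailing command ran.
    out=$(env var="() { :;}; echo $MARKER" "$1" -c "test" 2>/dev/null </dev/null) || true
    printf '%s\n' "$out" | grep -qxF "$MARKER"
}

# candidate_paths: assumed common install locations plus "bash" in each PATH dir.
candidate_paths() {
    printf '%s\n' /bin/bash /usr/bin/bash /usr/local/bin/bash
    old_ifs=$IFS; IFS=:
    for dir in $PATH; do printf '%s\n' "${dir:-.}/bash"; done
    IFS=$old_ifs
}

# scan_bash_binaries: print one verdict line per distinct executable path.
scan_bash_binaries() {
    candidate_paths | sort -u | while read -r bin; do
        [ -x "$bin" ] || continue
        if probe_bash "$bin"; then
            echo "$bin: VULNERABLE"
        else
            echo "$bin: not vulnerable"
        fi
    done
    return 0
}

scan_bash_binaries
```

Any path reported as VULNERABLE is still reachable by services that invoke it directly, regardless of what the interactive shell's PATH resolves to.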