Bash remote code execution vulnerability

This one leaves you speechless: a remote code execution vulnerability in Bash, CVE-2014-6271.

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.

The write-up is on oss-sec, in "Re: CVE-2014-6271: remote code execution through bash":

Debian and other GNU/Linux vendors plan to disclose a critical, remotely exploitable security vulnerability in bash this week, related to the processing of environment variables. Stephane Chazelas discovered it, and CVE-2014-6271 has been assigned to it.

So it gets in through environment variables... Red Hat's article "Bash specially-crafted environment variables code injection attack" also gives quite a few examples.
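As an added example (not part of the original post), a shell self-check in the style of the test from the Red Hat article: it sets a constructed environment variable whose value starts with the `() {` function-import prefix followed by a harmless `echo`, then reports whether the local bash executes that trailing command while importing the variable. The function name and the marker string are assumptions.

```shell
#!/bin/sh
# Added example: local self-check for the CVE-2014-6271 behaviour described above.
# It runs the bash binary under test with a constructed environment variable whose
# value starts with "() {" (the function-import prefix) and carries a trailing
# command that only echoes a marker; nothing else is run.

shellshock_status() {
    bash_bin="${1:-bash}"   # path to the bash to test; defaults to a PATH lookup
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo "bash-not-found"
        return 0
    fi
    # A vulnerable bash imports x as a function and, while doing so, also
    # executes the trailing "echo SHELLSHOCK_MARKER" before the -c body runs.
    # A fixed bash leaves x as an ordinary string, so only "body" is printed.
    out=$(env x='() { :;}; echo SHELLSHOCK_MARKER' "$bash_bin" -c 'echo body' 2>/dev/null)
    case "$out" in
        *SHELLSHOCK_MARKER*) echo "vulnerable" ;;
        *body*)              echo "not-vulnerable" ;;
        *)                   echo "unknown" ;;
    esac
}

# Stand-alone usage: report the status of the default bash on this host.
shellshock_status
```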

On Linux the most commonly used shell is probably still Bash, isn't it? (Although I have also seen quite a few people using Zsh...)

Then on Twitter I saw a very evil Google Hack:

You can add a site: operator yourself and scan...

3 thoughts on "Bash remote code execution vulnerability"

  1. Shouldn't be affected... though if someone did ln -s /bin/zsh /bin/bash, who knows... XD

    Thorsten Glaser 2014-09-25 07:58:11 EDT
    (In reply to Björn Puttmann from comment #29)
    > Just as a heads up: The second vulnerability seems also to work with zsh
    > (zsh 4.3.10 (x86_64-redhat-linux-gnu) on CentOS 6.5 and zsh (zsh 4.3.9
    > (i386-apple-darwin10.0) on Mac.

    (In reply to ZendoQ from comment #30)
    > Just to let you know: The second vulnerability also work on zsh 5.0.2
    > (x86_64-apple-darwin13.0) on Mac.

    This is nonsense. The import of functions from the environment is a
    GNU bash-only feature. Neither zsh nor mksh support this.

    The format GNU bash uses is that, if an imported variable begins
    with “() {”, it’s taken as function. For every other shell, these
    are just normal strings.

    Björn Puttmann 2014-09-25 08:16:23 EDT
    You are absolutely correct.
    Please ignore my previous post and sorry for this unnecessary noise.
