NST Shellshock Detection: Difference between revisions
(Created page with "__TOC__ This page shows how to test whether the version of bash installed on your '''NST''' system has the '''[http://www.symantec.com/connect/blogs/shellshock-all-you-need-k...") |
No edit summary |
||
| (3 intermediate revisions by 2 users not shown) | |||
| Line 23: | Line 23: | ||
= Shellshock Removal = | = Shellshock Removal = | ||
To remove the ''Shellshock'' vulnerability, you will need to update the version of the '''bash''' shell installed on your system. For a NST 20 based distribution (or any Fedora 20 based distribution), you can | To remove the ''Shellshock'' vulnerability, you will need to update the version of the '''bash''' shell installed on your system. For a NST 20 based distribution (or any Fedora 20 based distribution), you can accomplish this by running the following command: | ||
[user@nst ~]$ sudo yum update | [user@nst ~]$ sudo yum update | ||
[sudo] password for user: | [sudo] password for user: | ||
| Line 50: | Line 49: | ||
There is NO WARRANTY, to the extent permitted by law. | There is NO WARRANTY, to the extent permitted by law. | ||
[user@nst ~]$ env x='() { :;}; echo vulnerable' bash -c 'echo hello' | [user@nst ~]$ env x='() { :;}; echo vulnerable' bash -c 'echo hello' | ||
hello | |||
[user@nst ~]$ | [user@nst ~]$ | ||
The lack of the "''vulnerable''" output indicates that the updated version of '''bash''' has been patched and is no longer contains the ''Shellshock'' vulnerability. | The lack of the "''vulnerable''" output indicates that the updated version of '''bash''' has been patched and is no longer contains the ''Shellshock'' vulnerability. | ||
Latest revision as of 07:53, 30 September 2014
This page shows how to test whether the version of bash installed on your NST system has the Shellshock vulnerability.
Shellshock Detection
The following commands indicate the bash version running on a NST 20 based system which has the Shellshock vulnerability:
[user@nst ~]$ bash --version GNU bash, version 4.2.47(1)-release (x86_64-redhat-linux-gnu) Copyright (C) 2011 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. [user@nst ~]$ env x='() { :;}; echo vulnerable' bash -c 'echo hello' vulnerable hello [user@nst ~]$
The output above shows that the echo vulnerable command was run by the env command (it should not have been). This is the indicator that the version of bash installed on this system has the Shellshock vulnerability.
Shellshock Removal
To remove the Shellshock vulnerability, you will need to update the version of the bash shell installed on your system. For a NST 20 based distribution (or any Fedora 20 based distribution), you can accomplish this by running the following command:
[user@nst ~]$ sudo yum update [sudo] password for user: Loaded plugins: fastestmirror, filter-data, keys, langpacks, list-data ... lot's of output from yum ... Total download size: 552 M Is this ok [y/d/N]: y ... a lot more output from yum ... Complete! [user@nst ~]$
Once the bash package has been updated, you should see the following when testing for the Shellshock vulnerability:
[user@nst ~]$ bash --version GNU bash, version 4.2.48(1)-release (x86_64-redhat-linux-gnu) Copyright (C) 2011 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. [user@nst ~]$ env x='() { :;}; echo vulnerable' bash -c 'echo hello' hello [user@nst ~]$
The lack of the "vulnerable" output indicates that the updated version of bash has been patched and is no longer contains the Shellshock vulnerability.
