Ars reports that a new bug has been found in GNU Bash allows remote attackers to execute arbitrary code by setting the process trailing strings after function definitions in the values of environment variables.
This bug is reported to be present in RHEL (ver 4 through 7), Fedora, CentOS (ver 5 through 7), Ubuntu (ver 10.04 LTS, 12.04 LTS, and 14.04 LTS), Debian, and even OS X Mavericks.
This bug is exploitable through Apache servers with mod_cgi and mod_cgid loaded, OpenSSH, malicious DHCP servers in a compromised wireless access point through dhclient, as well as the CUPS printing system.
The Ars also includes a simple single liner that will test your setup for the newly found discovery:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
A vulnerable system will output the following:
vulnerable
this is a test
While a patched or unaffected system outputs:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
A patch is already out, so administrators are advised to update Bash.
Editor's Update: Security Engineer Tavis Ormandy has said "The bash patch seems incomplete to me, function parsing is still brittle".
$ env X='() { (a)=>\' sh -c "echo date"; cat echo
(Score: 0) by Anonymous Coward on Thursday September 25 2014, @03:34AM
I'm about to switch to FreeBSD, too. I don't want to install Debian on my new system only to find out a couple of months from now that an upgrade will unexpectedly install systemd and my system will be busted. Even the risk of systemd eventually getting installed is just too great. At least I know that the BSD devs won't be stupid enough to adopt it.
(Score: 0) by Anonymous Coward on Thursday September 25 2014, @06:54AM
Oh yeah? Well I just installed M$ DOS 1.0 and it's WONDERFUL!!111
(Score: 0) by Anonymous Coward on Thursday September 25 2014, @11:48AM
At least it doesn't include systemd. That makes it better than Fedora.
(Score: 0) by Anonymous Coward on Thursday September 25 2014, @01:38PM
Really? It can read your SATA HDD? It can read your USB sticks? Do you even have a floppy disk drive to boot from? (Are 3.5" floppy disk drives actually supported by MS DOS 1.0, or do you need a 5.25" one?)
(Score: 2) by cafebabe on Thursday September 25 2014, @01:53PM
They look the same to a host.
1702845791×2