Ars reports that a new bug has been found in GNU Bash allows remote attackers to execute arbitrary code by setting the process trailing strings after function definitions in the values of environment variables.
This bug is reported to be present in RHEL (ver 4 through 7), Fedora, CentOS (ver 5 through 7), Ubuntu (ver 10.04 LTS, 12.04 LTS, and 14.04 LTS), Debian, and even OS X Mavericks.
This bug is exploitable through Apache servers with mod_cgi and mod_cgid loaded, OpenSSH, malicious DHCP servers in a compromised wireless access point through dhclient, as well as the CUPS printing system.
The Ars also includes a simple single liner that will test your setup for the newly found discovery:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
A vulnerable system will output the following:
vulnerable
this is a test
While a patched or unaffected system outputs:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
A patch is already out, so administrators are advised to update Bash.
Editor's Update: Security Engineer Tavis Ormandy has said "The bash patch seems incomplete to me, function parsing is still brittle".
$ env X='() { (a)=>\' sh -c "echo date"; cat echo
(Score: 2) by PizzaRollPlinkett on Thursday September 25 2014, @04:33PM
Even if cpanel uses bash (I have no idea), something like that wouldn't be available to the public, would it? It's a server admin tool.
Ars just published this:
http://arstechnica.com/security/2014/09/concern-over-bash-vulnerability-grows-as-exploit-reported-in-the-wild/ [arstechnica.com]
I just can't get a grasp of how serious this is yet.
(E-mail me if you want a pizza roll!)
(Score: 2) by urza9814 on Thursday September 25 2014, @05:50PM
It's been many years since I've seen cPanel, but when I did it was always on shared hosing. Mostly resellers, who would buy a couple server instances somewhere and sell them off to hundreds of users. Which means if you can use this through cPanel, then one user possibly use this to take full control of that server, or break into anyone else's account, right?
(Score: 2) by choose another one on Thursday September 25 2014, @06:17PM
Yep, take control of the shared hosting server. Once that's done, inject malware into all the sites it hosts, or just use it as part of a botnet, take your pick.