As you may have read or heard about, a new exploit sometimes referred to as the Bash Bug or Shellshock has been released that allows remote code and commands to be executed as an unprivileged user. This exploit affects Red Hat Enterprise Linux (to include CentOS, and other RHEL variants), from version 4 through 7. Unprivileged execution of commands through Bash can allow additional commands to be run, software to be download, and current security policies to be bypassed. Phoenix NAP’s Information Security Department has worked with our infrastructure teams to identify and prioritize systems that may be vulnerable, and mitigation efforts are well underway.

Red Hat has become aware that the patch for CVE-2014-6271 is incomplete but advises customers to upgrade. This patch is currently being applied to all vulnerable systems. The security team is updating our intrusion detection systems as applicable to help identify attempts to exploit this weakness. We will continue to monitor the situation and provide guidance as this situation progresses.

Reference:

https://access.redhat.com/articles/1200223

To test if your version of Bash is vulnerable to this issue, run the following command:

  • $ env x='() { :;}; echo vulnerable’  bash -c “echo this is a test”

If the output of the above command looks as follows, then you are vulnerable:

  • vulnerable
  • this is a test

To update your CentOS version of bash do the following:

  • yum clean all
  • yum list bash
  • verify that the following is shown, or a higher version: bash.x86_64   4.1.2 15.el6_5.1
  • yum install bash

If you have any questions or concerns, please contact the Phoenix NAP NOC Team at NOC@phoenixnap.com and it will coordinate with our Information Security Engineers as needed.

Phoenix NAP Information Security Team

Categories: