Archive | September, 2014

Internet Storm Center Shellshoch Bash Code Injection Update

There are (at least) 6 different vulnerabilities. Here are the “latest update about the increasing number of bash flaws covered under the ‘shellshock’ name. What is new and how to protect yourself.”

Upgrade Bash via Homebrew for OS X

As this was posted, Apple had not yet released a security patch to update the version of Bash so lets look at upgrading Bash via Homebrew instead.

Homebrew is a package manager, similar to apt or yum, which allows Mac users to install open-source packages from the command line. To install, paste this line into your Terminal.

ruby -e "$(curl -fsSL"

Then, run:

brew doctor
brew update

And type:

brew install bash
sudo sh -c 'echo "/usr/local/bin/bash" >> /etc/shells'
chsh -s /usr/local/bin/bash
sudo mv /bin/bash /bin/bash-backup
sudo ln -s /usr/local/bin/bash /bin/bash
which bash
bash --version

You will need to restart your Terminal/iTerm and confirm the version:

which bash
bash --version

If desired change the rights of the moved backup file:

sudo chmod a-x /bin/bash-backup

Don’t forget to run the test code to confirm your Bash is patched.
[Exploit 1] [Exploit 2] [Exploit 3]

Update 09/29/2014: If you didn’t patch the bug manually, you can download and install Apple’s patch for OS X Mavericks here.

Update 09/30/2014: he updates are available for the other OS X versions:

The version after applying this update will be:

  • OS X Mavericks:  GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
  • OS X Mountain Lion:  GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin12)
  • OS X Lion:  GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin11)
Leave a Comment

CVE-2014-6271: remote code execution through bash (3rd vulnerability?)

It looks to me like this is still an incomplete fix. The third vulnerability I’d like to report is the feature itself in bash that allows functions to be passed in the environment, e.g.

env ls='() { echo vulnerable; }' bash -c ls

A friend of mine said this could be a vulnerability gift that keeps on giving. CVE-2014-7169 was discovered very quickly after CVE-2014-6271. Do you think that’s the end of it?


Leave a Comment

SSH Access for Remote Login with OS X

Make sure turn on Remote Login under System Preferences then File Sharing.


Testing Shellshock Bug In BASH – CVE-2014-7169 (Exploit 2)

Even after upgrading bash you may still be vulnerable to this exploit. Try running the following code.

env testbug='() { (CEV-2014-7169)=>\' bash -c "echo date"; cat echo ; rm -f echo

If the above command outputs the current date (it may also show errors), you are still vulnerable.

Leave a Comment