logo

Critical Vulnerability in Bash Command Line Paper

3 Pages1031 Words296 Views
   

Added on  2019-09-19

Critical Vulnerability in Bash Command Line Paper

   Added on 2019-09-19

ShareRelated Documents
Executive SummaryThis paper talks about the critical vulnerability referred as the CVE-2014-6271. Thisvulnerability occurs in the BASH command line. BASH is the command line tool or shell forthe GNU based operating system. BASH is an acronym that stands for the ‘Born AgainShell’. They are used in many Linux and UNIX based operating system including Apple’sMac OS X. The vulnerability has been reported by the Department of Homeland Security.They released a statement that provides additional details about the GNU Bash vulnerability.This vulnerability allows for an attacker to execute shell commands remotely. This is done bythe attacker by way of attaching malicious code in several environment variables that is beingused by the underlying operating system. Technical DescriptionVulnerability DescriptionGNU Bash from version 1.14 to version 4.3 has a vulnerability in them that allows forcommands that have been placed after the functions in the environment variable therebyallowing attackers remotely to execute arbitrary code with the help of a specially madeenvironment that allows network based exploitation [1]. In instances where this particularvulnerability is exposed includes the following:Apache HTTP Server, when using mod_cgid or mod_cgi scripts which is eitherwritten in bash or GNU Bash subshells or else in any other system which makes useof /bin/sh interface.Bypassing or overriding the ‘ForceCommand’ feature in OpenSSH sshd as well aslimited protection for Git / Subversion deployments that are needed for restrictingshells which also allows for arbitrary execution.Allowing arbitrary command execution on a client DHCP machine.Systems that are affected by this vulnerability includes: GNU Bash up until version 4.3. [2]Mac OS X systems as well as Linux / UNIX based systems wherein Bash is anintegral part of the operating system.Any UNIX or BSD system wherein GNU Bash could be installed Any operating system based on UNIX wherein /bin/sh is implemented as an interfacein GNU Bash.
Critical Vulnerability in Bash Command Line Paper_1

End of preview

Want to access all the pages? Upload your documents or become a member.

Related Documents
The Shellshock Vulnerability- Doc
|7
|1825
|99

Shellshock Vulnerability for Unix and Linux
|4
|486
|182

Linux Bash Scripting: Commands, Installation, and Outputs
|13
|2206
|488

Ping Pong
|12
|647
|318

Bourne-Again Shell in Linux : Report
|13
|2779
|228

INFORMATION SYSTEM THREATS, ATTACKS AND DEFENSES.
|29
|1680
|33