High risk warning: the Bash environment variables remote code insertion vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201454099
Type myhack58
Reporter 佚名
Modified 2014-09-27T00:00:00


A few months ago around the high-profile OpenSSL heartbleed information disclosure vulnerability only in the past did not take long, the Internet also broke a than bleeding heart more fierce vulnerability: Bash environment variables remote code insertion vulnerability.

The server of the cgi associated to the bash, the client specially a variable to pass later, the server will open a sub-process execution variable in the subsequent commands.

And the bleeding heart vulnerability compared, the former is just information leakage, while the latter can be passed directly command the system to execute.

Vulnerability information

CVE number: CVE-2 0 1 4-6 2 7 1

Found by: Prakhar Prasad(prakharprasad.com) && Subho Halder(appknox.com)

Found date: 2014-09-25

Test environment: Mac OS X 10.9.4/10.9.5, Apache/2.2.26, GNU bash 3.2.51(1)-release (x86_64-apple-darwin13)

Although the use of this vulnerability to execute command in Apache and other parsing script website container permissions to execute, but can still execute the file(Webshell)write, bounce a shell, the database perform various operations.

According to the vulnerability generating principle, if the site is php with to the system(bash)or the like of the code, will also be affected by the vulnerability.

[1] [2] [3] [4] next