I've done some testing of the CVE-2014-7169 and CVE-2014-6271 vulnerabilities on vm10iea0050 (IEA machine):
admin@vm10iea0050 ~
$ bash --help
GNU bash, version 3.1.17(1)-release-(i686-redhat-linux-gnu)
Usage: bash [GNU long option] [option] ...
admin@vm10iea0050 ~
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
admin@vm10iea0050 ~
$ cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
Fri Sep 26 10:19:34 PDT 2014
admin@vm10iea0050 /tmp
$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
vulnerable
bash: BASH_FUNC_x(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_x(): line 0: `BASH_FUNC_x() () { :;}; echo vulnerable'
bash: error importing function definition for `BASH_FUNC_x'
test
After I updated bash, the system became invulnerable to CVE-2014-7169:
_____________________________________________________________________________________________________
root@vm10iea0050 ~
# yum update bash
admin@vm10iea0050 ~
$ bash --help
GNU bash, version 3.2.25(1)-release-(i386-redhat-linux-gnu)
admin@vm10iea0050 ~
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
this is a test
admin@vm10iea0050 /tmp
$ cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo
date
cat: /tmp/echo: No such file or directory
$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `BASH_FUNC_x'
test
So to make your system invulnerable to CVE-2014-7169, just run # yum update bash
As for CVE-2014-6271, the patch for this issue is incomplete at the moment.
For details see https://access.redhat.com/articles/1200223
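
The three probes above, wrapped as an added example (not the author's script): each one runs against the bash binary you name, and the CVE-2014-7169 probe runs in a throwaway directory so the stray `echo` file never lands in /tmp. The function names and the vulnerable/patched/error verdict strings are assumptions made for this example.

```sh
# Added example: the page's three probes, run against a chosen bash binary.
# Function names and verdict strings (vulnerable/patched/error) are assumptions.
# Pass a command name found on PATH or an absolute path.

# Verdict from a probe's stdout: a line reading exactly "vulnerable" means
# the command placed after the function body was executed on import.
verdict_from_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    else
        echo patched
    fi
}

# CVE-2014-6271 probe (first test on the page).
check_6271() (
    command -v "$1" >/dev/null 2>&1 || { echo error; exit 0; }
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>/dev/null) || true
    verdict_from_output "$out"
)

# CVE-2014-7169 probe (second test): a vulnerable bash runs "date > echo"
# in the current directory, so use a scratch directory instead of /tmp.
check_7169() (
    command -v "$1" >/dev/null 2>&1 || { echo error; exit 0; }
    dir=$(mktemp -d) || { echo error; exit 0; }
    cd "$dir" || { echo error; exit 0; }
    env 'x=() { (a)=>\' "$1" -c 'echo date' >/dev/null 2>&1 || true
    if [ -e "$dir/echo" ]; then echo vulnerable; else echo patched; fi
    cd / && rm -rf "$dir"
)

# Third test on the page: same payload under both "x" and "BASH_FUNC_x()".
check_funcname() (
    command -v "$1" >/dev/null 2>&1 || { echo error; exit 0; }
    out=$(env 'x=() { :;}; echo vulnerable' \
              'BASH_FUNC_x()=() { :;}; echo vulnerable' \
              "$1" -c 'echo test' 2>/dev/null) || true
    verdict_from_output "$out"
)

# One-line summary for the given binary (defaults to "bash" below).
shellshock_report() {
    printf '6271=%s 7169=%s funcname=%s\n' \
        "$(check_6271 "$1")" "$(check_7169 "$1")" "$(check_funcname "$1")"
}

shellshock_report "${1:-bash}"
```

Run it before and after `yum update bash` to compare the two summaries; stderr from the probes is discarded, so the import warnings shown in the transcripts above do not appear.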