Remote exploit in bash: CVE-2014-6271


http://seclists.org/oss-sec/2014/q3/649
http://seclists.org/oss-sec/2014/q3/650
https://access.redhat.com/articles/1200223
https://rhn.redhat.com/errata/RHSA-2014-1293.html
http://www.ubuntu.com/usn/usn-2362-1/
More detailed info:
https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

Stephane Chazelas discovered a vulnerability in bash, related to how environment variables are processed: trailing code in function definitions was executed, independent of the variable name. In many common configurations, this vulnerability is exploitable over the network.

Chet Ramey, the GNU bash upstream maintainer, will soon release official upstream patches.

Just a heads up: most if not all mirrors for RH/CentOS were updated last night, and crons should handle the updates.

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
will test for this issue…


As of approx 23:10 Eastern Time, 2014-09-24, an addendum CVE has been submitted in regards to CVE-2014-6271. Quoting Red Hat:

“Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions.”

The follow-up has been assigned as CVE-2014-7169. A patch is in the works according to vendors, but has not yet been pushed. Expect another bash revision in the pipelines shortly.

In the meantime, RHEL provides details for a work-around, but cautions that the implementation has received very little testing, and is no substitution for the impending patch. I’m choosing not to quote them here, based on that reasoning entirely, but you can read about it in the preceding Red Hat pages above.

^^^See above links^^^

Fixed? we shall see…
[root@host.domain.com] ~ >> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Notes:
Red Hat has suggested rebooting OR running ldconfig after the update (ldconfig creates, updates, and removes the necessary links and cache to the most recent shared libraries). However, simply updating the bash rpm itself will solve the issue for any and all newly invoked bash instances, which should cover the majority of any potential issues.

Exploit details:
This bug is exploited through anything that first sticks some Internet parameter in an environment variable and then executes a bash script. Thus, simply calling bash isn’t the problem. Some things (like PHP, apparently) aren’t necessarily vulnerable, but other things (like CGI shell scripts) are vulnerable as all get out. For example, a lot of wireless routers shell out to “ping” and “traceroute”; these are all likely vulnerable.
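One way to look for this in web server logs, as an added example that is not part of the original post: the function below flags access-log lines whose request, Referer or User-Agent field contains the "() {" prefix used in the test above. The log lines are constructed samples in Apache combined format, and the names sample_log and find_funcdef_lines are made up for this example.

```shell
#!/bin/sh
# Flag access-log lines whose request, Referer or User-Agent field carries
# the "() {" function-definition prefix that the CVE-2014-6271 test uses.

# Constructed sample lines in Apache "combined" format (not real traffic).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:08:01:12 -0400] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
192.0.2.77 - - [25/Sep/2014:08:02:40 -0400] "GET /cgi-bin/status.sh HTTP/1.1" 200 31 "-" "() { :;}; echo vulnerable"
192.0.2.78 - - [25/Sep/2014:08:03:05 -0400] "GET /cgi-bin/status.sh HTTP/1.1" 200 31 "() { :;}; echo vulnerable" "curl/7.30"
192.0.2.11 - - [25/Sep/2014:08:04:00 -0400] "GET /docs/func().html HTTP/1.1" 404 210 "-" "Mozilla/5.0"
EOF
}

# find_funcdef_lines: read log lines on stdin and print "client field" per hit.
# Splitting on the double quote puts the request line, Referer and User-Agent
# in fields 2, 4 and 6 of the combined format.
find_funcdef_lines() {
    awk -F'"' '
        # True when the field contains the literal four characters "() {".
        function hit(s) { return index(s, "() {") > 0 }
        {
            split($1, pre, " ")          # pre[1] is the client address
            if (hit($2)) print pre[1], "request"
            if (hit($4)) print pre[1], "referer"
            if (hit($6)) print pre[1], "user-agent"
        }'
}

# Demo on the constructed lines: the last line contains "()" without the
# following " {" and is not flagged.
sample_log | find_funcdef_lines
```

Only fields that the server writes to the log are covered; other request headers also reach CGI scripts as environment variables and will not show up here unless the log format records them.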

Clear cached memory on cpanel server

Flushing the Cached Memory
By default, Linux has a very efficient memory management process that should be freeing any cached memory on the server. However, the server may, at times, decide that the cached memory is needed but is being used which can lead to memory related issues.

You can use the following command to flush your cache memory

EasyApache Update

In approximately 60 days, the Basic profile in EasyApache will build Apache 2.4 by default. This change will not alter existing EasyApache profiles that build Apache 2.2. If you plan to update from an existing Apache 2.2 installation to Apache 2.4, we strongly recommend that you build in a test environment before you migrate Apache versions on a production server.

Review the following links for more information on the differences between Apache 2.2 and 2.4:

http://documentation.cpanel.net/display/EA/Critical+Changes+In+Apache+2.4

http://httpd.apache.org/docs/trunk/upgrading.html

100 SED Commands

sed (stream editor) is a Unix utility that parses and transforms text, using a simple, compact programming language.
From pement.org
————————————————————————-
USEFUL ONE-LINE SCRIPTS FOR sed (Unix stream editor)

FILE SPACING:

# double space a file
sed G

# double space a file which already has blank lines in it. Output file
# should contain no more than one blank line between lines of text.
sed '/^$/d;G'

# triple space a file
sed 'G;G'

# undo double-spacing (assumes even-numbered lines are always blank)
sed 'n;d'

# insert a blank line above every line which matches “regex”
sed '/regex/{x;p;x;}'

# insert a blank line below every line which matches “regex”
sed '/regex/G'

# insert a blank line above and below every line which matches “regex”
sed '/regex/{x;p;x;G;}'


Sharing Files From the Command Line

Did you ever want to share files from the shell? Now you can just upload and download files without complexity from your shell or browser. Just upload the file by dropping it onto this page, or with curl or any other command that uses PUT to our server. We’ll return a shareable URL, which will expire within 2 weeks.

http://transfer.sh/

Upload
curl -vv --upload-file ./hello.txt http://transfer.sh/hello.txt
 
Create a share alias (add it to .bashrc):
transfer() { curl --upload-file "./$1" "http://transfer.sh/$1"; }
alias transfer=transfer

Now you can just use transfer hello.txt to upload the file!
 
Download
curl -L http://transfer.sh/66nb8/hello.txt
 
Share
You can share files just by emailing the url.


http://curl.io/
Share your files from your Terminal

Specify the path of your file [Normal Method] /var/backups/YourFile.tar.gz

Last login : Wed, Sep 3, 2014 12:22 PM on ttyp1
Welcome to cURL.io!

1) Write the path of the file you want to send above
2) And copy the command below and paste it into your shell or terminal
*) Your file can be up to 5GB, and will be deleted after 4 hours
Then paste the command into your shell

curl.io:~# curl -F "file=@/var/backups/YourFile.tar.gz" \
http://curl.io/send/xcww11lq

 
Secure method (recommended)
curl.io:~# gpg -c "/var/backups/YourFile.tar.gz" && curl -F "file=@/var/backups/YourFile.tar.gz.gpg" \
http://curl.io/send/xcww11lq

 

Historic partition usage data

From a good friend of mine…

“Howdy everybody!

I have been using the following command for a while now to help figure
out when exactly a partition became full on a server:

grep "Disk check" /var/log/chkservd.log | grep "2014-08-20"

This has been extremely useful for me, and in fact I use it almost every
day I work.

The command can obviously be modified to get other output, to grep for
an entire month's period for instance:

grep "Disk check" /var/log/chkservd.log | grep "2014-08"

The log is populated with usage of each partition frequently, and is
almost never removed, so this log can stretch back years.

Using this log you can establish a timeline showing how usage changed
over time, and often knowing the timeline helps you understand what
exactly did the “filling” of the partition.

Here is an example of the command's output:
http://pastebin.com/tFGHU8d1

Everybody I have shown this to has loved it and found it very useful,
so I figured I would tell everybody else that does not already know.

Fin.”