Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ Bash code injection attacks through a special environment variable     - How to use Quagga BGP (Border Gateway Protocol) router to filter BGP routing (Linux)

- Oracle data row split multiple lines (Database)

- Oracle user password problem (Database)

- Python script running in the background (Programming)

- Linux screen commonly commands (Linux)

- Ubuntu 14.04 set auto sleep time (Linux)

- The istgt PSD on ported to Mac OS X (Linux)

- Difference between TCP and UDP protocols (Linux)

- Find details block device with Linux blkid command (Linux)

- OpenGL Programming Guide (8th edition of the original book) - compute shader (Programming)

- Oracle 11g tracking and monitoring system-level triggers to drop misuse (Database)

- Linux kernel programming parameter passing between modules and function calls (Programming)

- Live Wallpaper for Linux release adds dynamic background (Linux)

- C ++ 11 smart pointers (Programming)

- Zabbix monitoring disk IO status (Server)

- How to make Linux a non-root user uses less than 1024 ports (Linux)

- Ubuntu 14.04 build Android 5.1 development environment and compiler (Linux)

- Python-- for anomalies and reflection of objects articles (Programming)

- C data types is how it is supported by most computer systems (Programming)

- Oracle 12C RAC optimizer_adaptive_features cause of data into overtime (Database)

  Bash code injection attacks through a special environment variable
  Add Date : 2018-11-21      

Bash or Bourne again shell, is a class UNIX shell scripts, it can be any Linux system, the most common installation components. Born from 1980 to the present, bash has grown from a simple terminal-based command interpreter to the evolution of many other strange uses.

In Linux, the environment variable affects the system software. They are composed of a name and the assignment of names. bash shell as well. In the program running in the background bash shell is very common. Typically used to provide a shell to remote users (for example via ssh, telnet), the CGI script provides parser (such as Apache), and even provides limited support for command execution (for example, git).

Back to the topic, you can create an environment variable using the value of the special processing before calling the bash shell, a fact revealed the fragility of the system. These variables can contain code, with the shell called. These processed variable names and nothing major is their content. In the following context, vulnerability exposed:

ForceCommand is sshd to use environment variables, which provide limited command authority to the remote user. This defect can be bypassed and provide any command to execute permissions. Some Git and Subversion deployment using such shell. OpenSSH routine use will not be affected, because the user has entered the shell.

If CGI scripts use bash or produce a lot of sub-shell, or use mod_cgi mod_cgid Apache server will be affected. These may be sub-shell system C language / popen use and can be used Python's os.system / os.popen, may be of PHP in CGI mode of system operation / exec to use and can be used in open shell of Perl / system use.

mod_php PHP script execution even if a large number of production sub-shell is not affected.  

DHCP client calls the shell script to configure the system, use the value from potentially malicious servers. This will allow arbitrary command execution, especially as root DHCP client.

a variety of daemons and SUID / privileged user settings and programs may use the affected user environment variables execute shell script, you can allow arbitrary command execution.

Other applications

may fall into a shell of any danger, or run as a shell script bash interpreter applications. shell script does not introduce environment variables are safe, even if they deal with insecure content and stored in the shell variable (not introduced) in and open the sub-shell.

and programming languages, Bash also function, albeit limited implementation of these functions may bash into the environment variable. This defect is triggered when these environment variables inside a function definition aft attach additional code. Like this:

$ env x = '() {:;}; echo vulnerable' bash -c "echo this is a test"
  this is a test

patch to fix this flaw, make sure the tail bash function does not allow additional code. So if you use a patched version of bash to run the above example, the output should be like this:

  $ env x = '() {:;}; echo vulnerable' bash -c "echo this is a test"
  bash: warning: x: ignoring function definition attempt
  bash: error importing function definition for `x '
  this is a test

We believe that this should not affect any of backward compatibility. It will of course affect any script described above is used to create an environment variable, but doing so would be considered bad programming practice.

Red Hat security report repair the Red Hat Enterprise Linux is the problem. Fedora also fixes delivered package.

- MySQL optimization of the relevant Group By (Database)
- Jigsaw project will solve the problem of Java JAR hell Mody (Programming)
- The ORA-01113 error is handled with BBED without archiving (Database)
- Common DDOS attacks (Linux)
- Hyper-V virtual hard disk how to copy files to and attached to the virtual machine (Linux)
- Ubuntu 14.04 / 13.10 users how to install Ubuntu Touch core applications (Linux)
- Normal start Lazarus 1.0.8 under Ubuntu (Linux)
- Easily create RPM packages using the FPM (Linux)
- OpenGL Programming Guide (8th edition of the original book) - compute shader (Programming)
- An Analysis of the C Algorithm for Calculating the Number of Days Between Date (Programming)
- Creating and extracting archives 11 tar command examples in Linux (Linux)
- Sublime Text 3 (Linux)
- Applications in Objective-C runtime mechanism (Programming)
- Vim useful plugin: vundle (Linux)
- Django url () function Detailed (Programming)
- Ubuntu 14.04 to install file editor KKEdit 0.1.5 version (Linux)
- Nginx multi-domain certificate HTTPS (Server)
- CentOS 5.x install Lua 5.2.3 error (LIBS = -lncurses) (Linux)
- How do you turn on and off IPv6 address on Fedora (Linux)
- Lenovo Ultrabooks Ubuntu system can not open the wireless hardware switch solutions (Linux)
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.