Friday, September 26, 2014

Shellshock and Cygwin

Cygwin is a *nix like Command Line Interface (CLI) for Windows Operating Systems.

Cygwin by default ships with 4.1.x version at the time of my testing which has shellshock (CVE-2014-6271) vulnerability, use "bash --version" to check current  version of bash shell.



To check the Vulnerability execute below PoC
$ env x='() { :;}; echo vulnerable' bash -c 'echo Exploited!!'


Dissecting the PoC
env      command used to print environment variables or modify the environment where program executes
x          environment variable/ function name
{ :;};    function definition
echo vulnerable' bash -c 'echo Exploited!!' is the malicious data after function definition.

Issue
Due to the vulnerability shell is interpreting the arbitrary commands after the termination of the function definition and executing entire text of environment variables value.

Same PoC command can be used on different Linux distributions for testing the presence of shellshock vulnerability.

Many Linux distributions already released patch for CVE-2014-6271, has lead to new vulnerability, CVE-2014-7169 which is less severe compared to shellshock.

2 comments:

  1. Latest cygwin release had fixed to shellshock but I am using old version of cygwin bash (3.00) and my system can't upgrade to the latest bash...bummer

    ReplyDelete
  2. Excellent post and it also comprises a lot of useful facts- Thanks for valuable information.Really enjoyed reading it first to last.If you have time please visit my dynamic testing page and please leave comments.

    ReplyDelete