2014.09.26 15:40

Bourne Again Shell (Bash) Arbitrary Code Execution Vulnerability Security Update


Overview

  • A vulnerability (CVE-2014-7169) has been found that bypasses the security update for the arbitrary code execution vulnerability (CVE-2014-6271) in GNU Bash, which is used in Linux and other operating systems, and allows the flaw to be exploited again.
  • Because an attacker can remotely execute malicious system commands on a system that has this vulnerability, applying the security update as described in the resolution below is recommended.


Affected Systems

  • Affected systems
    • Systems using GNU Bash


Resolution

  • If you operate an OS for which a security update for this vulnerability has been released, apply the security update by referring to the reference sites:
    • CentOS [1]
    • Debian [2]
    • Redhat [3]
    • Ubuntu [4]


Glossary

  • Shell: a command interpreter that parses the statements a user enters and performs system functions


Other Inquiries

  • Korea Internet & Security Agency (KISA) Internet Incident Response Center: 118 (no area code)


[Reference sites]
[1] http://lists.centos.org/pipermail/centos/2014-September/146154.html
[2] https://www.debian.org/security/2014/dsa-3035
[3] https://rhn.redhat.com/errata/RHSA-2014-1306.html
[4] http://www.ubuntu.com/usn/usn-2363-2/


2014.09.25 14:42

Bash Vulnerability Code Injection Attack


bash_ld_preload.c

#include <stdlib.h>
#include <string.h>

/* Runs before main() of every program that loads this library through
 * LD_PRELOAD or /etc/ld.so.preload, i.e. before bash gets the chance to
 * import function definitions from the environment. */
static void __attribute__ ((constructor)) strip_env(void);
extern char **environ;

/* Walk the environment. Any variable whose value begins with "() {" has
 * the shape that a vulnerable bash imports as a function definition; it is
 * truncated right after "=(", so bash only sees a harmless one-character
 * string and the rest of the value is never parsed. */
static void strip_env(void)
{
	char *c;
	int i;
	for (i = 0; environ[i] != NULL; i++) {
		c = strstr(environ[i], "=() {");
		if (c != NULL) {
			*(c + 2) = '\0';
		}
	}
}


  • Compile it:
gcc bash_ld_preload.c -fPIC -shared -Wl,-soname,bash_ld_preload.so.1 -o bash_ld_preload.so
  • Copy bash_ld_preload.so to /lib:
cp bash_ld_preload.so /lib/

If you wish to apply this workaround across the entire system:

  • Add the following to /etc/ld.so.preload on a line by itself:
/lib/bash_ld_preload.so
  • Restart all relevant services or reboot the system.

Note that this is potentially very dangerous. It is recommended that you apply this workaround only to the specific services on your system that may be exploitable. This can be achieved by adding bash_ld_preload.so to the LD_PRELOAD environment variable in the script that initializes the service. For example, for httpd on Red Hat Enterprise Linux 6:

  • Add the following two lines at the top of /etc/init.d/httpd, after the #! line:
LD_PRELOAD=/lib/bash_ld_preload.so
export LD_PRELOAD
  • Then restart httpd:
service httpd restart


Workaround: Using mod_security:

The following mod_security rules can be used to reject HTTP requests containing data that Bash may interpret as a function definition if it is placed in its environment. They can be used to block attacks against web services, such as attacks against CGI applications.

Request Header values:

SecRule REQUEST_HEADERS "^\(\) {" "phase:1,deny,id:1000000,t:urlDecode,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

SERVER_PROTOCOL values:

SecRule REQUEST_LINE "\(\) {" "phase:1,deny,id:1000001,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

GET/POST names:

SecRule ARGS_NAMES "^\(\) {" "phase:2,deny,id:1000002,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

GET/POST values:

SecRule ARGS "^\(\) {" "phase:2,deny,id:1000003,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

File names for uploads:

SecRule FILES_NAMES "^\(\) {" "phase:2,deny,id:1000004,t:urlDecode,t:urlDecodeUni,status:400,log,msg:'CVE-2014-6271 - Bash Attack'"

These rules may produce false positives, but that is unlikely; because they log what they block, you can keep an eye on the matches. You may also want to disable logging, since it could generate a significant volume of log files.
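The same "() {" prefix the mod_security rules reject can be searched for after the fact in web-server logs. The following is an added example, not part of the Red Hat text: the log lines are constructed, the function names are hypothetical, and the decoder mirrors only t:urlDecode (%XX and '+'), not t:urlDecodeUni.

```bash
#!/bin/bash
# Added example (not from the Red Hat article): offline check of web-server
# log lines for the "() {" function-definition prefix that the mod_security
# rules above reject. Decoding mirrors t:urlDecode only (%XX, '+'); %uXXXX
# (t:urlDecodeUni) is not handled here.

# Constructed sample lines in Apache combined-log format; the addresses are
# documentation ranges and the payload is the page's own harmless test string.
SAMPLE_LOG='192.0.2.10 - - [25/Sep/2014:14:42:01 +0900] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo vulnerable"
192.0.2.11 - - [25/Sep/2014:14:42:05 +0900] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.12 - - [25/Sep/2014:14:42:09 +0900] "GET /cgi-bin/test.cgi?%28%29%20%7B%20%3A%3B%7D%3B%20echo%20vulnerable HTTP/1.1" 200 128 "-" "curl/7.30"
192.0.2.13 - - [25/Sep/2014:14:42:12 +0900] "GET /about HTTP/1.1" 200 900 "-" "Mozilla/5.0 (X11; Linux)"'

# Decode %XX escapes and '+' the way the CGI would see them (bash printf %b
# turns \xHH into the byte), so an encoded "() {" in the query is caught too.
url_decode() {
    local s="${1//+/ }"
    printf '%b' "${s//%/\\x}"
}

# Exit 0 if the decoded line carries the "() {" prefix anywhere in the
# request line or headers, else 1. Same pattern the SecRules match on.
is_shellshock_probe() {
    local decoded
    decoded=$(url_decode "$1")
    case "$decoded" in
        *'() {'*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Read a log on stdin and echo how many lines match.
count_shellshock_probes() {
    local n=0 line
    while IFS= read -r line; do
        if is_shellshock_probe "$line"; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

printf '%s\n' "$SAMPLE_LOG" | count_shellshock_probes   # 2
```

Lines 1 and 3 of the constructed log match (the third only after decoding), which is why the rules above apply t:urlDecode before testing the pattern.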

Workaround: Using IPTables:

A note on using IPTables string matching: a rule such as

iptables using -m string --hex-string '|28 29 20 7B|'

is not a good option, because an attacker can trivially evade the signature by sending one or two characters per packet. It may, however, give an overview of automated attempts to exploit this vulnerability.


To check whether a Bash binary is affected, run:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

On an unpatched Bash the body of the imported "function" is executed and the output is:

 vulnerable
 this is a test

On a patched Bash the import is refused and the output is:

 bash: warning: x: ignoring function definition attempt
 bash: error importing function definition for `x'
 this is a test




Source: access.redhat.com




2014.09.19 15:50

Bash Script: How read file line by line (best and worst way)

Input: $ cat sample.txt 
This is sample file
This is normal text file

Source: $ cat readfile.sh 
#!/bin/bash

i=1;
FILE=sample.txt

# Wrong way to read the file.
# This may cause problem, check the value of 'i' at the end of the loop
echo "###############################"
cat $FILE | while read line; do
        echo "Line # $i: $line"
        ((i++))
done
echo "Total number of lines in file: $i"

# The worst way to read file.
echo "###############################"
for fileline in $(cat $FILE);do
        echo $fileline 
done

# This is correct way to read file.

echo "################################"
k=1
while read line;do
        echo "Line # $k: $line"
        ((k++))
done < $FILE
echo "Total number of lines in file: $k"

Output: $ ./readfile.sh 
###############################
Line # 1: This is sample file
Line # 2: This is normal text file
Total number of lines in file: 1
###############################
This
is
sample
file
This
is
normal
text
file
################################
Line # 1: This is sample file
Line # 2: This is normal text file
Total number of lines in file: 3  
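The script above shows the symptom (the counter is lost in the pipeline version) but not the input cases that still trip the "correct" loop. The following is an added example, not part of the original post: the input file is constructed and the function names are hypothetical.

```bash
#!/bin/bash
# Added example (not from the original post): why the pipeline loop loses
# its counter, and how to harden the redirect loop for awkward input.

# Constructed input (not the post's sample.txt): leading whitespace,
# a backslash, and NO trailing newline on the last line.
make_sample() {
    printf '  indented line\nback\\slash line\nlast line without newline' > "$1"
}

# Post's pattern 1: the pipeline runs 'while' in a subshell, so the
# increments happen in a copy of 'n' and the parent still prints the
# initial value (unless bash's 'lastpipe' option is set).
count_via_pipe() {
    local n=0 line
    cat "$1" | while read -r line; do n=$((n + 1)); done
    echo "$n"
}

# Post's pattern 3 as written: plain 'read line' stops one line short when
# the file has no trailing newline, because read returns non-zero on EOF
# even though it has filled 'line'.
count_naive_redirect() {
    local n=0 line
    while read line; do n=$((n + 1)); done < "$1"
    echo "$n"
}

# Hardened redirect loop: 'IFS=' keeps leading/trailing blanks, '-r' keeps
# backslashes literal, and '|| [ -n "$line" ]' still processes a final
# line that lacks its terminating newline.
count_via_redirect() {
    local n=0 line
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
    done < "$1"
    echo "$n"
}

demo_file="${TMPDIR:-/tmp}/readfile_demo_$$.txt"
make_sample "$demo_file"
echo "pipe:   $(count_via_pipe "$demo_file")"         # 0
echo "naive:  $(count_naive_redirect "$demo_file")"   # 2
echo "robust: $(count_via_redirect "$demo_file")"     # 3
rm -f "$demo_file"
```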




Source: linuxpoison.blogspot.kr

