Shellshock CVE-2014-6271 Vulnerability and Ansible Playbook


It’s been an interesting year in terms of finding massively exploitable Linux issues. Heartbleed was a nightmare that caused several late and long nights for IT teams across the entire globe. It was also one of the first times the Windows IIS crew could sit back and laugh at us. And now here we are with a second vulnerability with an even bigger footprint than Heartbleed.

Early Wednesday morning, NIST released information about a 10/10 severity vulnerability, and thus began the latest scramble to check and patch. This issue can be exploited on basically every *Nix box running Bash and every machine running Mac OS X, which, suffice it to say, is a LOT.

The TL;DR version of this exploit is that it acts as code injection via function definitions: Bash keeps executing whatever commands trail a function definition passed in through an environment variable.

The check:
Fire up a terminal and paste in:

If it displays ‘busted,’ you are open for attack.

The fix:
I run an EL6 environment and, upon waking up this morning, found that Red Hat and CentOS both have patched versions of Bash available via yum. You can simply ‘yum update -y bash’ from your EL6 boxes and call it a day. If you have a lot of boxes and employ Ansible in your environment, here is a quick Playbook to massively roll this out. Obviously you can use whatever flavor of automation you like; I just dig Ansible at the moment.
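
An added example, not the author's own playbook: it applies the yum update described above, then fails any host where the check still prints ‘busted’. The `el6` inventory group, the task names and the probe string (the widely published local test for CVE-2014-6271) are assumptions.

```yaml
---
# Added example: patch bash on EL6 hosts, then verify CVE-2014-6271 is closed.
# "el6" is a hypothetical inventory group; "busted" is the marker word the
# post tells you to look for.
- hosts: el6
  become: true          # older Ansible releases spell this "sudo: yes"
  serial: "25%"         # roll through the fleet in batches
  tasks:
    - name: Record the installed bash package before patching
      command: rpm -q bash
      register: bash_before
      changed_when: false

    - name: Update bash to the latest package available via yum
      yum:
        name: bash
        state: latest
      register: bash_update

    - name: Probe bash with a function definition that has a trailing command
      # A fixed bash ignores everything after the closing brace, so only
      # "probe-complete" is printed. An unfixed bash also prints "busted".
      shell: env x='() { :;}; echo busted' bash -c 'echo probe-complete' 2>/dev/null
      register: shellshock_probe
      changed_when: false
      failed_when: "'busted' in shellshock_probe.stdout"

    - name: Report package version and whether this run changed it
      debug:
        msg: "{{ inventory_hostname }}: was {{ bash_before.stdout }}, updated={{ bash_update.changed }}"
```

Hosts that fail the probe task stay listed as failed in the play recap, which gives you the list of boxes that still need attention.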

If you want some more information on the matter, here are some fun links:
CVE-2014-6271: remote code execution through bash
Everything you need to know about the Shellshock Bash bug
Resolution for Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271) in Red Hat Enterprise Linux
