Bash Vulnerability CVE-2014-6217 and CVE-2014-7169

Bash Vulnerability CVE-2014-6217 and CVE-2014-7169

CVE-2014-6217 is a critical vulnerability in all versions of GNU Bash, the Bourne Again Shell. This vulnerability allows an attacker to execute arbitrary shell commands any time a Bash shell executes with environmental variables supplied by the attacker. On cPanel & WHM systems, there are numerous entry points where this vulnerability could be exploited.

CVE-2014-7169 is a second vulnerability in all versions of GNU Bash. This second CVE covers attack vectors that were not fixed in the initial updates for CVE-2014-6217. Targeting CVE-2014-7169 is more complicated for an attacker. The authors of GNU Bash are currently working on updates to address CVE-2014-7169.

For Example:

ForceCommand is used in sshd configs to provide limited command execution capabilities for remote users. This flaw can be used to
bypass that and provide arbitrary command execution. Some Git and Subversion deployments use such restricted shells. Regular use of OpenSSH is not affected because users already have shell access.

Apache server using mod_cgi or mod_cgid are affected if CGI scripts are either written in Bash, or spawn subshells. Such subshells are
implicitly used by system/popen in C, by os.system/os.popen in Python, system/exec in PHP (when run in CGI mode), and open/system in Perl if a shell is used (which depends on the command string).

PHP scripts executed with mod_php are not affected even if they spawn subshells.

DHCP clients invoke shell scripts to configure the system, with values taken from a potentially malicious server. This would allow arbitrary commands to be run, typically as root, on the DHCP client machine.

  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

cPHulk Brute Force Protection

WHM/cPanel has a service, protected from Brute Force attack, which is called “cPHulk Brute Force...

Enable SSH key authorized login without root password

You need to generate SSH Key ( the private key )on your cpanel server and then update remote...

How can I Redirect URLs in cPanel

Login your cpanel 1. Click the Redirects button on the front page under the “domains” 2. Enter...

Enable Custom php.ini for Fast CGI

With fast-cgi, custom php.ini needs to be in the cgi-bin folder. 1) Move php.ini to cgi-bin...

ConfigServer Firewall CSF installation

ConfigServer firewall is a popular linux firewall security suite. It is easy to install, flexible...

Powered by WHMCompleteSolution