
[EIT-P-C-201419] ManageOne Notice on Rectification for SUSE OS Bash Malicious Code Security Vulnerability

       

Warning ID: EIT-P-C-201419

Severity: Critical

Emergency: Critical

Product Involved: ManageOne

Versions Involved:

ManageOne V100R001C01 BMS

ManageOne V100R001C02 (SSMC)

ManageOne V100R002C00 (SSM)

ManageOne V100R002C00 (UMP)

ManageOne V100R002C10 (SSM)

ManageOne V100R002C10 (OC)

ManageOne V100R002C10 (SC)

ManageOne V100R002C20 (OC)

ManageOne V100R002C20 (SC)

Application Scope: All sites running the affected product versions.

Release Date: 2014-10-10

Manpower Required: One person-day per site

 

Keyword: bash

 

[Trigger Conditions]

Attackers can exploit specific environment variables of Bash to bypass environment restrictions and run shell commands. Some services and applications pass environment variables supplied by remote unauthenticated attackers to Bash, where they are processed.

 

[Check Method]

Output on a system that contains the vulnerability:

[root@localhost~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

vulnerable

this is a test

[root@localhost~]#

Output on a system that does not contain the vulnerability:

[root@localhost~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

bash: warning: x: ignoring function definition attempt

bash: error importing function definition for `x'

this is a test

[root@localhost~]#

 

[Root Cause]

Attackers construct special environment variables that contain malicious code. When the Bash shell is invoked, the malicious code is executed before the intended command runs.

 

[Impact and Risk]

Bash does not sufficiently validate environment variables, so attackers can construct special environment variables to execute malicious code.

 

[Solution]

Install the patches released on the official SUSE website.

Download address: http://support.novell.com/security/cve/CVE-2014-6278.html

You can also download the patches from the attachment to this notice.

Patches:

bash-3.2-147.14.22.1.x86_64.rpm

bash-doc-3.2-147.14.22.1.x86_64.rpm

libreadline5-5.2-147.14.22.1.x86_64.rpm

libreadline5-32bit-5.2-147.14.22.1.x86_64.rpm

readline-doc-5.2-147.14.22.1.x86_64.rpm

 

[Procedure]

Note: In active/standby deployment, perform the following operations on both the active and standby servers.

1.    Use PuTTY to log in to a server as user root by using the management IP address.

2.    Run the following command to prevent a timeout logout of the remote access tool:

TMOUT=0

3.    Use WinSCP to upload all the rpm packages to the /opt directory on the server.

4.    Run the following commands to install the patches:

cd /opt

rpm -Uvh libreadline5-5.2-147.14.22.1.x86_64.rpm

rpm -Uvh libreadline5-32bit-5.2-147.14.22.1.x86_64.rpm

rpm -Uvh readline-doc-5.2-147.14.22.1.x86_64.rpm

rpm -Uvh bash-3.2-147.14.22.1.x86_64.rpm

rpm -Uvh bash-doc-3.2-147.14.22.1.x86_64.rpm

5.    Run the command in [Check Method] again to check whether the vulnerability still exists. If it does, contact the Huawei R&D contacts for technical support.
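
The check in step 5 can be scripted so that it gives the same verdict on the active and standby servers. The following is an added example, not part of the original notice; the function names are hypothetical, and the probe string and the expected outputs are the ones shown under [Check Method].

```shell
#!/bin/sh
# Added example: automates the notice's [Check Method] for procedure step 5.
# Function names are hypothetical; the probe string is the one in the notice.

# classify_probe_output: reads captured probe output (stdout and stderr) on
# stdin and prints "vulnerable", "not vulnerable" or "inconclusive".
classify_probe_output() {
    out=$(cat)
    # The injected command ran only if a line consisting solely of
    # "vulnerable" is present; warning lines that merely mention the
    # variable do not match because grep -x requires a whole-line match.
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        echo "vulnerable"
    elif printf '%s\n' "$out" | grep -qx 'this is a test'; then
        # The requested command ran and nothing was injected.
        echo "not vulnerable"
    else
        # Bash did not run at all or printed something unexpected.
        echo "inconclusive"
    fi
}

# check_bash: runs the notice's probe against one bash binary
# (default: the bash found on PATH) and prints the verdict.
check_bash() {
    bash_bin=${1:-bash}
    if ! command -v "$bash_bin" >/dev/null 2>&1; then
        echo "inconclusive"
        return
    fi
    env x='() { :;}; echo vulnerable' "$bash_bin" -c "echo this is a test" 2>&1 |
        classify_probe_output
}

# When run as a script: ./check_bash.sh [/path/to/bash]
check_bash "$@"
```

Run it after step 4 on each server; any result other than "not vulnerable" means the patched packages are not in effect for that bash binary.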

 

[Contacts]

R&D contact person:

Sun Shuchen 00120578

Tel: 18066503937

E-Mail: sunshuchen@huawei.com

 

[Approved By] PDT manager

PDT manager: Qi Guangyu 61298

Tel: 18025319877

E-Mail: qiguangyu@huawei.com