Cisco 3560 GNU Bash Environment Variable Command Injection Vulnerability

Similar Messages

• False Positive on Sig 4689/1 Bash Environment Variable Command Injection

  I am seeing what I believe is false positives on Sig 4689/1 outbound from our network. When I look at the traffic capture from events it does not seem to match inbound traffic events that fire on the same signature. The inbound traffic looks very much like what I think is the exploit code for the Bash injection vulnerability. 
  Any one else seeing this on their systems?
  Mike

  I'm seeing things like this. Whenever I look up the victim IPs they resolve to Amazon servers. It looks like a false positive to me also.
  event_id = 1360033965674082135
  severity = high
  device_name = xxxxxxx
  app_name = sensorApp
  receive_time = 09/28/2014  06:32:59
  event_time = 09/28/2014 10:33:29
  sensor_local_time = 09/28/2014 06:33:29
  sig_id = 4689
  subsig_id = 1
  sig_name = Bash Environment Variable Command Injection sig_details = CVE-2014-6271 sig_version = S824 attacker_ip = xxx.xxx.xxx.xxx attacker_port = 50986 attacker_locality = OUT victim_ip = 54.204.5.190 victim_port = 80 victim_os = unknown unknown (relevant) victim_locality = OUT summary_count = 0 initial_alert_id = summary_type = is_final_alert = interface = GigabitEthernet0/1 vlan = 0 virtual_sensor = vs0 context = bGVicml0eWJhYmllcy5wZW9wbGUuY29tJTdDYWlkJTNEMjA4OTQ1JTdDY2glM0RiYWJpZXMlN0NzY2glM0RuZXdzJTdDcHR5cGUlM0Rjb250ZW50JTdDY3R5cGUlM0RibG9nJTdDcGFnZSUzRDElN0NzdWJqJTNEYmFiaWVzJTJDa2FueWUtd2VzdCUyQ2tpbS1rYXJkYXNoaWFuJTJDbmV3cyU3Q2NlbGViJTNEJTdDdW5pcXVlJTNEZnVuY3Rpb24rKCkrJTdCJTBBKysrKysrKysrKysrdmFyK2ErJTNEKyU1QiU1RCUyQ2srJTNEKzAlMkNlJTNCJTBBKysrKw==$
  actions = droppedPacket+deniedFlow+tcpOneWayResetSent
  alert_details = InterfaceAttributes:  context="single_vf" physical="Unknown" backplane="GigabitEthernet0/1" ; risk_rating_num = 100(TVR=medium ARR=relevant) threat_rating = 65 reputation = protocol = tcp

• Using BASH environment variables in xCode build configuration

  Hi All,
  Is it possible to use BASH environment variables (exported from /etc/profile, for example) in xcode build settings?
  Specifically, I am exporting a "BOOST_HOME" variable, and would like to referencing this variable in "User Header Search Path", but the obvious $BOOST_HOME doesn't seem to work?
  Thanks,
  Andrew

  I don't know much about XCode -- but to set environment variables for GUI applications you need to edit ~/.MacOSX/environment.plist. There's a description here:
  http://wiki.lyx.org/Mac/Environment
  After editing that file I believe you have to logout and back in for the changes to take effect.
  I swear I saw a GUI app to help edit that file, but I can't find it now...

• Single-session bash environment variables

  I would like to run a program with a specific proxy, but I don't want any other programs to use that proxy. Would something like this work?
  #!/bin/sh
  http_proxy=proxy_address
  program_name
  exit 0
  Do I need to export the http_proxy variable? It seems like the variable would be persistent instead of just being used for the one program that is being called.

  mrbug wrote:
  Ah.. Thanks for replying!
  So then the export lines in .bashrc send the variables only to your spawned (which turns out to be every) bash processes? That must be what was confusing me...
  Exactly
  mrbug wrote:Just out of curiosity, how would you (if it's possible) send variables to a parent process?
  I think it's not possible. Please correct me if I'm wrong!

• Fix for GNU bash vulnerability CSCur05454 in Instant Messaging & presence server available?

  Hello,
  bug reports says 'Status: fixes' but I cannot find a patch for IM&P.
  any information abaout that?
  Juergen

  The Readme document of the CUCM IM&P 10.5 Bash Environment Variable Patch.
  http://software.cisco.com/download/release.html?mdfid=286269517&flowid=50462&softwareid=282074312&release=UTILS&relind=AVAILABLE&rellifecycle=&reltype=latest (registered users only)
  states :
  This package will install on the following System Versions: 
    - 8.6.4.10000-28 or any higher version starting with 8.6.4.xxxxx 
   - 8.6.5.10000-12 or any higher version starting with 8.6.5.xxxxx
   - 9.1.1.10000-8 or any higher version starting with 9.1.1.xxxxx 
   - 10.0.1.10000-26 or any higher version starting with 10.0.1.xxxxx 
   - 10.5.1.10000-9 or any higher version starting with 10.5.1.xxxxx 
  So the answer for you is : you should have at least/upgrade to 8.6.4.10000-28 and then apply the patch.
  Regards.

• CUCM GNU BASH vulnerability

  Hi
  Cisco advisory states that versions 9.0, and 9.1 are vulnerable and a fix (9.1(2.13060.1)) is available however I do not see this file available on the downloads page. 
  https://software.cisco.com/download/release.html?mdfid=284510097&flowid=45900&softwareid=282074295&release=9.1(2)SU2a&relind=AVAILABLE&rellifecycle=&reltype=latest
  does anyone know where is this upgrade file available?

  The Readme document of the CUCM IM&P 10.5 Bash Environment Variable Patch.
  http://software.cisco.com/download/release.html?mdfid=286269517&flowid=50462&softwareid=282074312&release=UTILS&relind=AVAILABLE&rellifecycle=&reltype=latest (registered users only)
  states :
  This package will install on the following System Versions: 
    - 8.6.4.10000-28 or any higher version starting with 8.6.4.xxxxx 
   - 8.6.5.10000-12 or any higher version starting with 8.6.5.xxxxx
   - 9.1.1.10000-8 or any higher version starting with 9.1.1.xxxxx 
   - 10.0.1.10000-26 or any higher version starting with 10.0.1.xxxxx 
   - 10.5.1.10000-9 or any higher version starting with 10.5.1.xxxxx 
  So the answer for you is : you should have at least/upgrade to 8.6.4.10000-28 and then apply the patch.
  Regards.

• PATH environment variable, Bash

  I want to set a symlink to this path:
  /opt/local/Library/Frameworks/Python.framework/Versions/2.6/bin/django-admin.py
  I have tried myself & have failed the last two days. Does anyone have any suggestions on setting up a symlink to this path?
  Also should I put it in my bashrc file or my .profile (file)? thanks.

  Terminal, Unix, shell, etc... questions are best asked in the Mac OS X Technologies > Unix Forum
  <http://discussions.apple.com/forum.jspa?forumID=735>
  ln -s /opt/local/Library/Frameworks/Python.framework/Versions/2.6/bin/django-admin.py /path/to/where/you/want/the/symlink/to/reside
  A symlink is a file in the file system, so once you create it, it is going to stay until you delete it. No need to put this in .bashrc or .profile
  Unless you were actually asking about a shell command alias, which is not to be confused with a Finder Alias, as a Finder Alias is more like an symlink, only different, than it is like a shell command alias.
  A shell alias would be
  alias fred='/opt/local/Library/Frameworks/Python.framework/Versions/2.6/bin/django-admin.py'
  and that you would ideally put in your .bashrc, but .bashrc is not invoked during login, unless you source it from your .profile (assuming you do not also have a .bash_profile, which would get invoked instead of .profile, as bash has rules explained in "man bash" about what initialization files it reads, and which ones it preferes.
  As for the PATH environment variable, that would be exported from .profile (again keeping in mind the rules about .profile vs .bash_login vs .bash_profile).
  It is unclear whether you want a symlink to django-admin.py, a command alias, or just to put /opt/local/Library/Frameworks/Python.framework/Versions/2.6/bin/ in your PATH.
  Please take any follow up discussions to the Unix forum.

• How to export an environment variable from command line ?

  Hello,
  I have build a python application which run some processes(or executable or other python scripts) using subprocess.
  i.e.
  subprocess.call(["xyz.py"], shell=True, stdout=log_file, stderr=log_file)
  Above call throws an error as "xyz.py is not recognized as an internal or external command." I added the location of xyz.py into path variable inside a batch script which I used to run before running the script.
   set PATH=D:\path of xyz:%PATH%
  But As subprocess executes a script into anther child shell, This setting is not available in child shell (or sub-shell) used by python script.
  How can I make this PATH setting available to sub-shell also ?

  Rather than going into much details I have used explicit path by referring only one environment variable of the shell where application is running.
  i.e.  As xyz.py will be in a specific location of my repository, I am setting path of root_dir:
        set root_dir=<path_of_root_dir>
        And then,
        subprocess.call([os.path.join(os.environ['roo_dir'], 'dir', 'xyz.py')], ...)

• Using environment variables in RMAN command line

  I'm running Oracle 11gR2 and working in a Solaris 10 environment.
  I am trying to run the rman command by connecting to the target, auxiliary, and catalog by catting out the contents of password files where I have my connect strings stored for each database. Also in there I am trying to use environment variables to reference each database.
  rman target "`cat ${HOME}/password_dir/prod_connect.txt`@${PROD_DB}" auxiliary "`cat ${HOME}/password_dir/stage_connect.txt`@`${STAGE_DB}`" catalog "`cat ${HOME}/password_dir/rman_catalog_connect.txt`@${RMAN_CATALOG_DB}"
  The end result I need is:
  rman target "username/password@db" auxiliary "username/password@db" catalog "username/password@db"
  Is this possible?

  Levi,
  Good idea on the variables. I set up a variable with my connect string including the TNS reference (i.e. user/password@XXX)
  So when I run this:
  rman auxiliary ${AUXILIARY}
  I get this:
  Recovery Manager: Release 11.2.0.2.0 - Production on Wed Jun 13 10:19:44 2012
  Copyright (c) 1982, 2009, Oracle and/or its affiliates. All rights reserved.
  RMAN-00571: ===========================================================
  RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
  RMAN-00571: ===========================================================
  RMAN-00554: initialization of internal recovery manager package failed
  RMAN-04006: error from auxiliary database: ORA-01031: insufficient privileges
  But if I try to run it without the TNS entry it works. The only issue with that is I need the TNS reference to connect to the database I'm cloning from. Any idea what's going on here?
  Also, the same applies to the TARGET, but oddly enough not the CATALOG. It will connect to my rman catalog using the TNS just fine. The only difference is with the catalog I'm logging in as my rman catalog user. With the TARGET and AUXILIARY I'm logging in as the system user.
  Edited by: Nevin on Jun 13, 2012 8:25 AM

• What is happening about: The GNU Bourne Again Shell (Bash) is a command line utility widely used in many Unix-based operating systems including Linux and OS X.  Researchers have discovered a critical flaw in Bash which could allow remote code executi

  Authoritative advice today:
  The GNU Bourne Again Shell (Bash) is a command line utility widely used in many Unix-based operating systems including Linux and OS X.
  Researchers have discovered a critical flaw in Bash which could allow remote code execution by an unauthenticated user
  APPLE response?

  Also see:
  http://www.macrumors.com/2014/09/26/apple-os-x-users-safe-bash-flaw-update-soon/
  If you are not running a web server
  If you have not enabled CUPS web interface
  If you do not allow anonymous users to ssh into your Mac.
  If all are no, they you are not at risk.
  This IS a very serious bug for web servers, but the typical consumer Mac user is not at risk.

• [SOLVED] bash - diff btwn 'normal' environment variables and VAR=x cmd

  I always assumed variables passed like this:
  VAR=value cmd
  are passed to the program in the same way as environment variables. However; this is not the case; who can explain this?
  $ svn commit
  svn: E205007: Commit failed (details follow):
  svn: E205007: Could not use external editor to fetch log message; consider setting the $SVN_EDITOR environment variable or using the --message (-m) or --file (-F) options
  svn: E205007: None of the environment variables SVN_EDITOR, VISUAL or EDITOR are set, and no 'editor-cmd' run-time configuration option was found
  $ VISUAL=$VISUAL svn commit
  Sending file
  Deleting file
  Adding file
  Transmitting file data ..
  Last edited by Spider.007 (2014-04-24 17:55:49)

  I'm curious too.  I could at least *speculate* on how it could go wrong the other way around: if the envoked process spawns a new process that inherits a more general environment than the parent's, the first could work and the second could fail - but these results indeed should not happen.
  Test code as evidence that the variables are passed in the same way:
  #include <stdio.h>
  int main(int argc, char **argv, char **env) {
  char **envp;
  for (envp = env; envp && *envp; envp++) printf("%s\n", *envp);
  return 0;
  Basically this is a very basic `env'.  It shows all environment variables known to the process.  No matter how they are set, they are all placed in env.
  NOTE: most programs will use getenv() rather than the extra parameter to main(), but this is meant to test what is passed where.
  Last edited by Trilby (2014-04-24 13:07:21)

• Setting environment variable CONFIGROOT

  Hi
  I want to find the msg store for a particular user account so i'm planning to use hashdir command utility and the requirement for the same is given
  below
  Requirements:
  Must be run locally on the Messaging Server. Make sure that the environment variable CONFIGROOT is set to msg_svr_base/config.
  My Ques..
  1. How i have to set CONFIGROOT and in which file ???
  Thanks in Advance

  Hi,
  CONFIGROOT is a shell environment variable. It needs to be set in the environment of the shell you are using for example for bash shell:
  export CONFIGROOT=<msg_base>/config
  Regards,
  Shane.

• How can I set PATH environment variables when there is no ~/.profile?

  Hi,
  I have a MacBook Air and just installed MySQL.
  I read the doc which I downloaded and should be able to run "mysql" from terminal as descibed below:
  Suppose that your MySQL programs are installed in /usr/local/mysql/bin and that you want to make it easy to invoke these programs. To do this, set the value of the PATH environment variable to include that directory. For example, if your shell is bash, add the following line to your .bashrc file:
             PATH=${PATH}:/usr/local/mysql/bin
  I checked on my terminal with ls -al, but no ~/.bashrc also no ~/.profile files.  Echo $SHELL shows me that I am using /bin/bash as shell.
  When I run export PATH=$PATH:/usr/local/mysql/bin  then it works and I just have to type "mysql" to get the mysql command line but as soon as I kill my terminal and open a new terminal this setting is lost.
  Any idea how I can accomplish this?
  Thanks,
  MacNewby

  Hi,
  Never mind, I found it :-)
  I just created a file  .bash_profile in my home folder and added "export PATH=$PATH:/usr/local/mysql/bin" and restarted my terninal. Now it works.
  MacNewby

• ZLinux environment variables missing after install

  Suse 9.0 Service pack 2
  Oracle 10g
  During the installation, I had to interactively define a bunch of environment variables. The Oracle installation instructions didn't say to put them in a .profile or any other type of file that may be executed when necessary.
  However, after rebooting, those variables are gone.
  So things like logoning on to the Oracle userid and trying to execute "sqlplus" fails. When I recode these variable, at least it can find the "sqlplus" command.
  Of course, these variables may also be necessary for the db to come up.
  So, I'm backtracking. What did I miss? Where did these variables go? Was there a step that wasn't documented? Was there something I was suppose to "automagically" know?
  So, for those Linux shops, did you have to code a file with these variables?
  I did the "export" command. Sure doesn't look like these variables were saved across boots.
  Any ideas?
  Thanks
  Tom Duerbusch
  THD Consulting

  I'm going to add some things to this.
  In the IBM manual on the installation of Oracle 10g on Suse 9.0, it does show putting the environment variables in the .profile file. (This is under the bash shell.)
  So, last night, I tested .profile. Didn't work. Under the bash shell, the bashrc file would contain items that are executed at logon time. At least by default.
  So, there is something missing, higher up in the food chain. Perhaps something not done during the Linux install that either tells the system to either use the .profile file at logon time (the way the IBM manual says), or automagically keeps the environment variables set across boots, (the way the Oracle Installation manual assumes).
  Anyone recall something like that? Or are most of the people here, been given their Linux images. And your responsibility is only the Oracle DBA side? Perhaps I need to get to a Linux group for this one.
  Thanks
  Tom Duerbusch
  THD Consulting

• Oracle Environment Variable Problem - OCIEnvNlsCreate() failed

  We are using PHP 5.2.3 with oci8 version 1.2.3 in CentOS 5.0.
  We have installed Oracle 10g in the same machine where Apache (2.2.3) is running.
  First we tried to set the Oracle environment variable in httpd.conf as
  SetEnv ORACLE_HOME u01/app/..../db_1
  SetEnv ORACLE_SID oratest.
  But we were unable to connect and got the message 'OCIEnvNlsCreate() failed'.
  Then we tried to set the environment variables in root's bash profile.
  Then it did work in PHP command line interface. But it didn't work in browser. Interestingly, getenv function shows the environment variables correctly (even in the browser).
  We also given the read and execute permissions for all users in all directories of oracle. But still it gives the same error.
  Please help.

  While trying to get new oci8 php extension to work I remember trying to set parameters using SetEnv inside apache httpd.conf or inside .htaccess file. However this is not recommended and I remember seeing some suggestions as not to use SetEnv for Oracle environment variables. I also had issues with that before. I went and added bash
  export ORACLE_HOME=... to the Apache startup script in /etc/init.d and this has resolved the problem for me.
  I hope this helps.
  Gena01