A Comprehensive Analysis on Bash Shellshock (CVE-2014-6271)


First Release Time: 10:00, September 25, 2014
Update Time: 13:20, September 29, 2014

In September 24th, 2014 Bash was announced to have remote code execution vulnerability, the Security Research and Emergency Response Center of Antiy Labs (Antiy CERT) determined according to the information at the first time, having confirmed that this vulnerability is wildly distributed and might lead to serious effects. Therefore, Antiy CERT started the A level risk emergency response at 5:30 am on September 24.
Antiy CERT carried out strict analysis and verification on this vulnerability, confirming that it has impact on the Linux and Mac OSX operation systems, including but not limited to Redhat, CentOS, Ubuntu, Debian, Fedora, Amazon, Linux and OS X10.10. It can execute the wanted attack code scripts by means of constructing values of the environment variable. The vulnerability may influence several applications have interaction with it, including HTTP, OpenSSH, DHCP etc. According to the current situations of vulnerability verification and POC, this vulnerability will severely affect the safety of network infrastructure, including but not limited to network appliances, network security devices, cloud and big data center. Specifically, as Bash is distributed and located wildly in devices, the eliminating process will last very long. Meanwhile, it can be easily used to write worms for automatic propagation, which will result in the development of botnet. Currently, several foreign security organizations have made alarms.

Download PDF: A_Comprehensive_Analysis_on_Bash_Shellshock_(CVE-2014-6271)_V1.52