Leverage SmartState for CVE-2014-6271? (shellshock bash vulnerability)


#1

We were wondering if SmartState could be leveraged to identify systems in the environment with the Bash shell vulnerability.

http://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/


#2

Absolutely, you can scan file information, file contents, users, groups, etc. Therefore, based on the article link you have posted:

“The fix is an update to a patched version of the Bash shell”

We would scan for the bash file itself; this would come back with its version, date and time stamps.
You can then create a compliance check that returns true or false for a specific minimum version, date/time stamp, etc.

Here is a link to some VMware-based security hardening checks on exactly the type of thing you describe; they may help as a reference.

https://dl.dropboxusercontent.com/u/48775504/SHG.yaml

Hope this helps
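A sketch of the minimum-version compliance check described in the reply above, added here as an illustration; it is not part of the original thread and is not ManageIQ code. The inventory layout, VM names and the `MINIMUM` value are constructed placeholders (take the real fixed version from your vendor's advisory), and the comparison is a simplified RPM-style ordering, because a plain string comparison misorders releases such as `_5.10` and `_5.2`.

```python
import re

_SEG = re.compile(r"\d+|[A-Za-z]+")

def rpm_vercmp(a, b):
    """Simplified RPM-style compare, returns -1, 0 or 1 (no epoch/tilde/caret)."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # 10 > 2, unlike "10" < "2"
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment outranks alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpm_vercmp(va, vb) or rpm_vercmp(ra, rb)

def bash_compliant(packages, minimum):
    """True only if bash was found in the scan and every copy is >= minimum.
    A scan with no bash entry fails the check so that it gets reviewed."""
    found = [p["evr"] for p in packages if p["name"] == "bash"]
    return bool(found) and all(evr_cmp(v, minimum) >= 0 for v in found)

# PLACEHOLDER threshold, not a vendor-confirmed fixed version.
MINIMUM = "9.9.9-15.el6_5.2"

# Constructed scan results (hypothetical structure, one package list per VM).
INVENTORY = {
    "vm-web01": [{"name": "bash", "evr": "9.9.9-15.el6_5.10"}],
    "vm-db01": [{"name": "bash", "evr": "9.9.9-15.el6_4"}],
    "vm-app01": [{"name": "openssl", "evr": "1.0.1e-16.el6"}],
}

def report(inventory, minimum):
    """Map each VM name to the true/false result of the compliance check."""
    return {vm: bash_compliant(pkgs, minimum) for vm, pkgs in inventory.items()}

if __name__ == "__main__":
    for vm, ok in report(INVENTORY, MINIMUM).items():
        print(f"{vm}: {'compliant' if ok else 'NON-COMPLIANT'}")
```
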


#3

@jhardy I believe we have an example somewhere for the Heartbleed vulnerability that is done almost exactly the same way (i.e. check for openssl version). Do you have a link to that?


#4

Sure,

http://ask.manageiq.org/question/33/protecting-myself-against-openssh-and-openssl-cves/

Also there is a YAML somewhere on Mojo; I shall send you the link.


#5

Thanks @jhardy. Since ask is going away and that link will probably die, I’m copying here for posterity:


#6

Can someone write up a blog-worthy post on this? I’ll publish on manageiq.org/blog/


#7

Done. The article I blogged has a link to a downloadable policy profile that you can simply import and go.

thanks


#8

Also a video of the demo: http://youtu.be/RDcIIyYK044
ta ta


#9

Nice! Will grab your blog post and video and syndicate them.