Recent Unix security issues

Unix security vulnerabilities
Unix OS flavors have typically been immune to security hacks, the majority being targeted at Windows machines. But two recent developments warrant inspection of all Unix systems (AIX, Solaris, HP-UX, OpenVMS, and Linux).

Shellshock

The first is for the BASH shell. The buzzword name is Shellshock or Bashdoor and is somewhat unique to the BASH shell. Korn shell, Bourne shell, various ‘C’ shells and the HP-UX POSIX shell are not affected. The vulnerability exists when a specially crafted function definition is exported into the environment. Here is a good overview for Shellshock:

                http://en.wikipedia.org/wiki/Shellshock_%28software_bug%29

This 1-liner will test for the vulnerability:

                export CheckShell='() { :;}; echo vulnerable'; bash -c echo

To test other shells, just replace the bash name with ksh or sh, etc. Most flavors of Unix do not have BASH installed using the factory install media. This is true for OpenVMS as well as HP-UX and others. The exception is Linux which has historically provided BASH as the primary shell.
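
The same check run against each shell in turn, as an added example that is not part of the original article; the marker string, the function names and the list of candidate shells are assumptions made for this example. It uses env rather than export so the crafted variable reaches only the child shell being tested.

```shell
#!/bin/sh
# Added example: apply the article's one-line check to each shell on this host.
# MARKER and the candidate list below are constructed for this example.
MARKER=SHELLSHOCK_CHECK_MARKER

# classify_output TEXT -> "vulnerable" if the injected echo ran, else "not vulnerable"
classify_output() {
    case $1 in
        *"$MARKER"*) echo "vulnerable" ;;
        *)           echo "not vulnerable" ;;
    esac
}

# check_shell SHELL -> "not installed", "vulnerable" or "not vulnerable"
check_shell() {
    if ! command -v "$1" >/dev/null 2>&1; then
        echo "not installed"
        return 0
    fi
    # env scopes the crafted variable to this one child process, so nothing
    # is left exported in the calling session (unlike the export form).
    out=$(env CheckShell="() { :;}; echo $MARKER" "$1" -c 'echo probe' 2>/dev/null) || true
    classify_output "$out"
}

# scan_shells SHELL... -> one "name: result" line per candidate
scan_shells() {
    for s in "$@"; do
        printf '%s: %s\n' "$s" "$(check_shell "$s")"
    done
}

scan_shells bash ksh sh csh tcsh zsh /sbin/sh
```

This exercises only the exported-function case described above, so a "not vulnerable" result should still be followed by confirming that the installed BASH is a vendor-updated version.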

Here is a reference for OpenVMS:

                http://labs.hoffmanlabs.com/node/1892

For HP-UX, BASH is not supplied with the OS and would have to be downloaded and installed separately.
An updated version for HP-UX is available at:

                http://hpux.connect.org.uk/hppd/hpux/Shells/bash-4.3.030/

Note that BASH should not be the login shell for HP-UX as it is not single-user mode safe. However, the root user can start BASH after logging in with the /sbin/sh (POSIX) shell.

POODLE

The newest vulnerability comes with the cute name POODLE, which is an acronym for Padding Oracle On Downgraded Legacy Encryption. Specifically, it is an SSLv3 security vulnerability which is most commonly found in web servers such as Apache. The recommendation for now is to replace SSL with TLS for those subsystems that currently use SSLv3. Here is the NIST reference:

http://nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566

Here is a clever test page with some details that are updated almost every day:

https://www.poodletest.com

Here are links for the major Unix OS’s:

OpenVMS: http://labs.hoffmanlabs.com/node/1896
HP-UX: http://h30499.www3.hp.com/t5/Fortify-Application-Security/Insight-on-the-SSLv3-POODLE-Vulnerability/ba-p/6647828
AIX: http://www-01.ibm.com/support/docview.wss?uid=swg21687172
Linux: http://www.techsupportpk.com/2014/10/How-To-Protect-your-Server-Against-the-POODLE-SSLv3-Vulnerability.html

For any system using the SSLv3 protocol, the issue should be immediately addressed.
