Running a VPS/Server? Watch out for the Shell Shock bug

If you're running a VPS or a dedicated server, you should be aware of a new bug, commonly being called the Shell Shock bug:

From Bash Bug May Be Worse Than Heartbleed

CVE-2014-6271, a vulnerability in the command shell Bash, affects many Linux- and UNIX-based systems. Although no exploits have yet been seen in the wild, the pervasiveness and ease of exploit have earned it a CVSS score of 10.

The bug makes remote code execution possible, even though Bash itself does not handle data from remote users.
In plain English, this is bad. Very, very, very bad.

From September | 2014 | Ars Technica

There is an easy test to determine if a Linux or Unix system is vulnerable. To check your system, from a command line, type:

Code:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the system is vulnerable, the output will be:

Code:
vulnerable
this is a test
An unaffected (or patched) system will output:

Code:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
Luckily, to patch your systems, you only need to update Bash. Most -- though not all -- distros have already released updates, so definitely make sure when you do update, the fix is included.

To update your CentOS/RedHat/Amazon Linux server you can run:
Code:
sudo yum update bash
To update your Debian/Ubuntu server you can run:
Code:
sudo apt-get update && sudo apt-get install --only-upgrade bash
You should also know that this likely affects Mac OS X and other *nix systems.

Now go patch your systems!!!
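
The test quoted above, wrapped in a script you can run before and after updating to check every bash binary on the host. This is an added example, not part of the original post; the function names and the list of candidate paths are assumptions. Later patched versions of bash print only "this is a test" with no warning, so the script keys on whether "vulnerable" appears.

```shell
#!/bin/sh
# Added example: run the CVE-2014-6271 self-test against each bash binary found.
# classify_output, check_bash and scan_bash_binaries are hypothetical helper names.

# Classify the captured output of the test command.
classify_output() {
    case "$1" in
        *vulnerable*)       echo "VULNERABLE" ;;  # trailing command was executed
        *"this is a test"*) echo "patched" ;;     # with or without the warning lines
        *)                  echo "unknown" ;;     # shell did not run as expected
    esac
}

# Run the test from the post against one specific bash binary.
check_bash() {
    bin="$1"
    [ -x "$bin" ] || { echo "missing"; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c "echo this is a test" 2>&1) || true
    classify_output "$out"
}

# Check common install locations plus whatever "bash" resolves to in PATH.
# The path list is an assumption; add any locally built copies.
scan_bash_binaries() {
    rc=0
    for bin in /bin/bash /usr/bin/bash /usr/local/bin/bash "$(command -v bash 2>/dev/null)"; do
        [ -n "$bin" ] && [ -x "$bin" ] || continue
        result=$(check_bash "$bin")
        printf '%s: %s (%s)\n' "$bin" "$result" "$("$bin" --version | head -n 1)"
        [ "$result" = "patched" ] || rc=1
    done
    return $rc
}

scan_bash_binaries || echo "At least one bash binary still needs updating."
```

A second copy of bash under /usr/local or in a chroot is not touched by the package manager update, which is why the script checks each path separately.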