September 25 2014
Bug in Linux 'bash' causes 'Shellshock' - update required
Posted Thursday September 25th 2014

A vulnerability in the Linux Bash shell may allow an attacker to execute code on a server, opening the door to further attacks that could lead to the server becoming fully compromised.

Many security experts are calling this bug “bigger than Heartbleed” and it’s important that system administrators patch vulnerable systems as soon as possible.

Affected distributions include:

  • Red Hat Enterprise Linux (versions 4 through 7)
  • Fedora
  • CentOS (versions 5 through 7)
  • CloudLinux
  • Debian

To test your system for the vulnerability, run this command from a shell. A vulnerable system prints "vulnerable" before the test line:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

Most Linux distributions have issued a fix. On Red Hat, CloudLinux and CentOS systems you can run yum update, which will bring down the updated version of Bash.

Your system is no longer vulnerable if the above test returns this:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
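
The same check wrapped as a script that classifies the probe output and runs it against each Bash binary found at a few common paths, since a package update only replaces the packaged copy. This is an added example, not part of the original post; the function names and the list of paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the
# candidate path list are assumptions chosen for illustration.

# Classify probe output: prints vulnerable, patched or unknown.
classify_probe_output() {
    out=$1
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        echo vulnerable      # the injected "echo vulnerable" ran
    elif printf '%s\n' "$out" | grep -qx 'this is a test'; then
        echo patched         # only the intended command ran
    else
        echo unknown         # binary failed or printed something else
    fi
}

# Run the page's probe against one bash binary (default /bin/bash).
check_bash() {
    bash_bin=${1:-/bin/bash}
    if [ ! -x "$bash_bin" ]; then
        echo not-found
        return 2
    fi
    # stderr is merged so the "ignoring function definition" warnings
    # from a patched bash are captured too.
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>&1)
    classify_probe_output "$out"
}

# Probe every bash found at the candidate paths; a locally built copy
# is not replaced by a package update and needs its own check.
check_all_bash() {
    for b in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        [ -x "$b" ] || continue
        printf '%s\t%s\n' "$b" "$(check_bash "$b")"
    done
}

# Scan only when asked, so the file can also be sourced.
if [ "${1:-}" = "--scan" ]; then
    check_all_bash
fi
```

Run it with --scan after updating; any path still reported as vulnerable is a copy of Bash the update did not replace.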

Mac OS remains unpatched by Apple at the time of writing.

Further information on this bug can be found at:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

http://seclists.org/oss-sec/2014/q3/649

 
