shelbomb

On September 24th, 2014, a vulnerability was reported in the GNU Bourne-Again-Shell (BASh, or Bash): a flaw in how Bash processes the values of environment variables that allows remote code execution of varying types in many common configurations. The overall risk is severe because Bash is configured for use, by default, on most Linux servers.

Although we immediately began working to proactively patch this vulnerability, some servers may remain vulnerable depending on their update settings or other unforeseen intervening factors.

In a nutshell, this flaw affects Bash, a Unix command-line shell that runs by default on most Linux servers, and it allows remote code execution and many types of command-line based attacks.

There is no need to panic: a patch is available, and your server can be easily updated.

First check whether your server is vulnerable

To test if your version of Bash is vulnerable, run the following command:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the output of the above command looks as follows:

vulnerable
this is a test

then you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function.

If you run the above example with the patched version of Bash, you should get an output verifying you are not vulnerable:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

If you have a managed server with us, please contact our technical team to have the vulnerability patched. Please do not do it yourself.

Updating Bash on Red Hat and CentOS

Pre-Flight Check

These instructions are intended specifically for updating Bash on Red Hat and CentOS.

Clean-Up Yum

yum clean all

Update Bash

Updating Bash is as simple as running just one command:

yum -y update bash

Updating Bash on Debian and Ubuntu

Pre-Flight Check

These instructions are intended specifically for updating Bash on Debian and Ubuntu.

Clean-Up Apt-get

apt-get autoclean

Update Bash:

Updating Bash is as simple as running just one command:

apt-get install --only-upgrade bash

Updating Bash on CentOS 6 and CentOS 7

Pre-Flight Check

These instructions are intended specifically for updating Bash on CentOS 6 and CentOS 7.

Clean-Up Yum

yum clean all

Update Bash

Updating Bash is as simple as running just one command:

yum -y update bash
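
The check and the per-distribution update commands above can be combined into one script. This is an added example, not part of the original post: the function names and the default path /bin/bash are assumptions, and the script only prints the matching update command rather than running it.

```shell
#!/bin/sh
# Added example: probe a Bash binary with the page's test command, then
# name the matching update command from the page. Nothing is installed.

# classify_output TEXT -> "vulnerable" if the injected echo ran, i.e. some
# output line is exactly "vulnerable"; otherwise "not vulnerable".
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo "vulnerable"
    else
        echo "not vulnerable"
    fi
}

# probe_bash PATH -> run the test against the Bash binary at PATH, capturing
# stdout and stderr so a patched build's warning lines are classified too.
probe_bash() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>&1) || true
    classify_output "$out"
}

# update_command -> the update command the page gives for this system's
# package manager (yum: Red Hat/CentOS, apt-get: Debian/Ubuntu).
update_command() {
    if command -v yum >/dev/null 2>&1; then
        echo "yum -y update bash"
    elif command -v apt-get >/dev/null 2>&1; then
        echo "apt-get install --only-upgrade bash"
    else
        echo "unknown package manager"
    fi
}

# report [PATH...] -> check each given Bash binary (default: /bin/bash,
# an assumed location) and print the fix for any that is vulnerable.
report() {
    [ "$#" -gt 0 ] || set -- /bin/bash
    for b in "$@"; do
        if [ ! -x "$b" ]; then echo "$b: not found"; continue; fi
        state=$(probe_bash "$b")
        echo "$b: $state"
        [ "$state" = "vulnerable" ] && echo "  fix: $(update_command)"
    done
    return 0
}

report "$@"
```

Run it again after updating to confirm the result changes to "not vulnerable". A Bash binary installed outside the package manager is not touched by yum or apt-get and has to be probed by passing its path as an argument.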

Contact our 24/7 technical team for any assistance.

Posted by blogadmin
