
Learn about the vulnerability known as Shellshock, whether you need to worry, and what to do if you do. This bug, found on September 24, is a serious vulnerability, but relatively restricted. Here at Softerize all our servers have been updated.
What is it?
Shellshock is a vulnerability in Bash, the command-line shell, on Unix-based operating systems. That means Linux distros and OS X. The problem is less important on Apple computers, because they’re usually not used as servers. Besides, Apple has already released an update for the issue.
In case you have Linux servers, like us, you should worry. To test if your computer is at risk, open up the command line. You can connect via SSH directly or through an app like Tunnelier. Run the following command:
env X='() { :; }; echo "CVE-2014-6271 vulnerable"' bash -c id
If you see “CVE-2014-6271 vulnerable”, then you need to update your Bash. If you don’t, it will be possible to run external code in your Bash, even remotely.
Even if your Bash is not vulnerable, be aware that new vulnerabilities have been found. So visit https://github.com/mubix/shellshocker-pocs and test the different commands. You can also run the script available at https://github.com/hannob/bashcheck to test.
Fixing
To fix the problem you need to update Bash. Depending on your Linux distro, you’ll need a specific command.
Ubuntu/Debian
Use apt-get:
sudo apt-get update && sudo apt-get install --only-upgrade bash
CentOS / Red Hat / Fedora
Use yum:
sudo yum update bash
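The test and the two update commands above, combined into one script that checks a Bash binary and prints the matching fix. This is an added example, not part of the original post; the function names `is_vulnerable`, `update_command` and `report` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: wraps the page's CVE-2014-6271 test and update commands.
# Function names are hypothetical, chosen for this example.

MARKER="CVE-2014-6271 vulnerable"

# Return 0 if the given bash binary executes the text placed after the
# function body in $X, 1 if it ignores it.
is_vulnerable() {
    bash_bin=${1:-bash}
    # Same probe as the page's test, with "true" instead of "id" so the
    # only possible output is the marker printed by a vulnerable bash.
    out=$(env X="() { :; }; echo \"$MARKER\"" "$bash_bin" -c true 2>/dev/null) || true
    case $out in
        *"$MARKER"*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Print the page's update command for whichever package manager is present.
update_command() {
    if command -v apt-get >/dev/null 2>&1; then
        echo "sudo apt-get update && sudo apt-get install --only-upgrade bash"
    elif command -v yum >/dev/null 2>&1; then
        echo "sudo yum update bash"
    else
        echo "unknown package manager: update bash with your distro's tool"
        return 1
    fi
}

# Check one bash binary and print a one-line verdict plus the fix to apply.
report() {
    bash_bin=${1:-bash}
    if is_vulnerable "$bash_bin"; then
        echo "$bash_bin: VULNERABLE, run: $(update_command)"
    else
        echo "$bash_bin: not vulnerable to CVE-2014-6271"
    fi
}

report "$(command -v bash || echo bash)"
```

Pass a path to `report` to check a second Bash installed outside the default `PATH`; run it again after updating to confirm the verdict changes.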
Conclusion
Update your servers as soon as possible to avoid future problems. And try to keep them up to date.