Protect your Systems Against the Shellshock Bash Vulnerability

For those who may not be aware, its been announced last week (September 24, 2014) to be precise, of the discovery of a GNU Bash vulnerability, referred to as Shellshock. Shellshock exploit enables a remote attacker to gain control of systems remotely and execute arbitrary code via a crafted environment. The impact of this vulnerability is it Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service.


The following environments have been identified to be affected

  • OpenSSH sshd
  • The mod_cgi and mod_cgid modules in the Apache HTTP Server
  • Scripts executed by unspecified DHCP clients

[box type=”danger” icon=”warning”]Detailed description of this vulnerability can be found on Red Hat website[/box]

Is my system Vulnerability?

To confirm that your system is vulnerability, run the following command

env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

The result clearly shows that your system is vulnerable, but if your system is not vulnerable, the result will be displayed as follows


Is my Website Vulnerable?

To test your website for this vulnerability, click on the button below

[button href=”” style=”flat” size=”medium” icon=”exclamation-triangle”]ShellShock’ Bash Vulnerability CVE-2014-6271 Test Toole[/button]

How do I Fix iT?

Based on latest updates, Ubuntu now has the latest version of Bash sent out to their repositories. Click here for more details

For Ubuntu / Debian Systems

sudo apt-get update

sudo apt-get upgrade

For CentOS / RHEL / Fedora Systems

sudo yum update bash
comments powered by Disqus