Protect your Systems Against the Shellshock Bash Vulnerability

For those who may not be aware, the discovery of a GNU Bash vulnerability, referred to as Shellshock, was announced last week (September 24, 2014, to be precise). The Shellshock exploit enables a remote attacker to gain control of systems and execute arbitrary code via a crafted environment. The impact of this vulnerability is that it allows unauthorized disclosure of information, unauthorized modification, and disruption of service.


The following environments have been identified as affected:

  • OpenSSH sshd
  • The mod_cgi and mod_cgid modules in the Apache HTTP Server
  • Scripts executed by unspecified DHCP clients

A detailed description of this vulnerability can be found on the Red Hat website.

Is my System Vulnerable?

To check whether your system is vulnerable, run the following command:

env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

If the output includes the line "Bash is vulnerable!", the code placed in the environment variable was executed and your system is vulnerable. If your system is not vulnerable, that line is not printed and you only see "Bash Test".
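
The check above, extended as an added example (not part of the original post) to every bash binary on the host, since a machine can carry more than one copy. The function names and the use of /etc/shells to find extra copies are assumptions of this sketch.

```sh
#!/bin/sh
# Added example (not from the original post): run the post's probe against
# every bash binary on this host. Function names are made up for this sketch.
MARKER='Bash is vulnerable!'

# Run the probe against one bash binary ($1) and print what it outputs.
probe_bash() {
    env VAR="() { :;}; echo $MARKER" "$1" -c "echo Bash Test" 2>/dev/null
}

# Turn probe output ($1) into a verdict.
classify_output() {
    case "$1" in
        *"$MARKER"*)   echo "VULNERABLE" ;;      # injected echo ran
        *"Bash Test"*) echo "not vulnerable" ;;  # only the real command ran
        *)             echo "inconclusive" ;;    # binary failed to run
    esac
}

# Candidate binaries: bash on PATH plus any bash listed in /etc/shells.
list_bash_binaries() {
    {
        command -v bash 2>/dev/null || true
        if [ -r /etc/shells ]; then grep -E '^/.*/bash$' /etc/shells || true; fi
    } | sort -u
}

# Print one verdict per binary; return 1 if any binary is vulnerable.
audit_host() {
    status=0
    for b in $(list_bash_binaries); do
        [ -x "$b" ] || continue
        verdict=$(classify_output "$(probe_bash "$b")")
        echo "$b: $verdict"
        if [ "$verdict" = "VULNERABLE" ]; then status=1; fi
    done
    return "$status"
}

audit_host || echo "At least one bash binary needs updating."
```

Run it again after updating to confirm every listed binary reports "not vulnerable".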

Is my Website Vulnerable?

To test your website for this vulnerability, use the tool below:

ShellShock Bash Vulnerability CVE-2014-6271 Test Tool: http://shellshock.brandonpotter.com/

How do I Fix It?

Based on the latest updates, Ubuntu now has the latest version of Bash in its repositories.

For Ubuntu / Debian Systems

sudo apt-get update

sudo apt-get upgrade

For CentOS / RHEL / Fedora Systems

sudo yum update bash
 