easyhostmedia
Just got this from Tagadab that will be of use to many using Linux servers.
Hi Terry,
I am writing to make you aware of a vulnerability affecting Linux servers and action we recommend you should take.
The vulnerability is called Shellshock and is a mistake in the code of a program called Bash, which is typically installed on Linux servers. The bug allows someone to send commands to computers to which they should not have access. This vulnerability should be taken seriously so we need you to follow the steps below to ensure your server is not vulnerable.
1) DETERMINE IF YOUR SYSTEM IS VULNERABLE:
To establish if your Linux server is affected by this vulnerability, log into your server as root via SSH and run the following command:
env x='() { :;}; echo vulnerable' bash -c "echo Shellshock"
A system affected by the bug should return the following:
vulnerable
Shellshock
On the other hand, a secure system would reply with:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
Shellshock
2) SECURE YOUR SYSTEM:
If your system is vulnerable, you can secure it as follows:
For Red Hat and CentOS servers:
1 - Log in to your server as root via SSH
2 - Run the command:
yum update bash
3 - Once this command has completed, rerun the above vulnerability test and you should see that your system now passes the vulnerability test.
Let me know if we can be of more help.
Anna Scapin
Tagadab Team
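
The check from step 1 wrapped in a script that tests every bash binary on the host and reports a verdict per binary. This is an added example, not part of the Tagadab email; the function names are assumptions. The verdict keys only on the word "vulnerable" appearing in the output, because later bash releases print just "Shellshock" with no warning lines and are still not affected.

```shell
#!/bin/sh
# Added example: runs the Shellshock test from the email against each bash binary.
# Function names (classify_output, check_shell, check_all) are assumptions.

# Decide a verdict from the captured stdout of the test command.
# A line reading exactly "vulnerable" means the injected command ran.
classify_output() {
    out=$1
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        echo VULNERABLE
    elif printf '%s\n' "$out" | grep -qx 'Shellshock'; then
        echo patched
    else
        echo inconclusive
    fi
}

# Run the test from the email against one bash binary.
# stderr is discarded: the warnings differ between patch levels.
check_shell() {
    shell=$1
    [ -x "$shell" ] || { echo missing; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$shell" -c 'echo Shellshock' 2>/dev/null) || true
    classify_output "$out"
}

# Check the bash found in PATH plus any bash listed in /etc/shells,
# since a host can carry more than one copy.
check_all() {
    {
        command -v bash || true
        if [ -r /etc/shells ]; then
            grep -E '/bash$' /etc/shells || true
        fi
    } | sort -u | while read -r b; do
        printf '%s: %s\n' "$b" "$(check_shell "$b")"
    done
}

check_all
```

Any line ending in VULNERABLE names a binary that still needs the update from step 2.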