Shellshock Linux Vulnerability

easyhostmedia

Well-known member
Just got this from Tagadab that will be of use to many using Linux servers.

Hi Terry,

I am writing to make you aware of a vulnerability affecting Linux servers and action we recommend you should take.

The vulnerability is called Shellshock and is a mistake in the code of a program called Bash, which is typically installed on Linux servers. The bug allows someone to send commands to computers to which they should not have access. This vulnerability should be taken seriously so we need you to follow the steps below to ensure your server is not vulnerable.

1) DETERMINE IF YOUR SYSTEM IS VULNERABLE:

To establish if your Linux server is affected by this vulnerability, log into your server as root via SSH and run the following command:

env x='() { :;}; echo vulnerable' bash -c "echo Shellshock"

A system affected by the bug should return the following:

vulnerable
Shellshock

On the other hand, a secure system would reply with:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
Shellshock

2) SECURE YOUR SYSTEM:

If your system is vulnerable, you can secure it as follows:

For Red Hat and CentOS servers:

1 - Login to your server as root via SSH
2 - Run the command:
yum update bash
3 - Once this command has completed, rerun the above vulnerability test and you should see that your system now passes it.

Let me know if we can be of more help.

Anna Scapin
Tagadab Team
 
Don't forget to patch your OS templates too. No sense in giving your customers an "OS reinstall" button only for them to reinstall the OS to a vulnerable copy.
 
Hi,

Please note that when you run the command env x='() { :;}; echo vulnerable' bash -c "echo Shellshock" you should get the following output:
-------------------------------------
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
Shellshock
-------------------------------------

If you get the above output, then bash is patched; if not, you still have to update bash.

One thing to be aware of: you may need to update bash manually if the automatic update does not patch it. Get the patch and the source package for bash, apply the patch, then compile and install it manually. On most Debian systems you may have to do this manually or get a Debian bash package and install it.
 