
How can I resolve the bash vulnerability Shellshock/Bashdoor?

Information about CVE-2014-6271 (Shellshock or Bashdoor) was published on 24 Sep 2014. This vulnerability is a danger to Linux VPS owners and users in particular.
The most common use of bash, the program affected by this vulnerability, is as the Linux command shell. However, bash can also be used to process requests in web servers and other Internet services. Shellshock allows an attacker to run commands on the system and gain control over it.
There are currently many posts about this vulnerability on the Internet.

There are two ways to resolve it:

1) To update bash on the server:

For Redhat\CentOS
  • Connect to the server via SSH.
  • Run the following commands:
yum update bash
yum update bash-4.1.2-15.el6_5.1
  • Reboot the server.
For Debian\Ubuntu
  • Connect to the server via SSH.
  • Check bash version by running the following command:
dpkg -s bash | grep Version
  • Update bash version:
sudo apt-get update && sudo apt-get install bash

You can check whether bash is vulnerable by running:

env X="() { :;} ; echo Bash is vulnerable" bash -c "echo Bash is OK"

If the output is only "Bash is OK", the update was successful. If the output contains "Bash is vulnerable", bash is still vulnerable.
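A server can carry more than one bash binary, so it helps to run the check above against each of them. The script below is an added example, not part of the original article; the function names are hypothetical, and it assumes bash binaries are listed in /etc/shells or found on PATH.

```shell
#!/bin/sh
# Added example (not from the original article): run the article's
# CVE-2014-6271 probe against every bash binary on the server.
# All function names here are hypothetical.

# Classify probe output. A vulnerable bash prints the injected line
# before "Bash is OK", so look for the marker anywhere in the output.
classify_output() {
    case "$1" in
        *"Bash is vulnerable"*) echo vulnerable ;;
        *"Bash is OK"*)         echo ok ;;
        *)                      echo unknown ;;
    esac
}

# Run the probe against one bash binary given by path.
probe_bash() {
    bin=$1
    [ -x "$bin" ] || { echo unknown; return 0; }
    # stderr is discarded: patched builds may print a warning about X.
    out=$(env X="() { :;} ; echo Bash is vulnerable" \
          "$bin" -c "echo Bash is OK" 2>/dev/null) || true
    classify_output "$out"
}

# Candidate binaries: bash entries in /etc/shells plus bash on PATH.
list_bash_binaries() {
    {
        if [ -r /etc/shells ]; then grep -E '^/.*/bash$' /etc/shells || true; fi
        command -v bash || true
    } | sort -u
}

# Print "path<TAB>result" per binary; return 1 unless all are "ok".
audit_bash() {
    status=0
    for b in $(list_bash_binaries); do   # assumes paths without spaces
        result=$(probe_bash "$b")
        printf '%s\t%s\n' "$b" "$result"
        [ "$result" = ok ] || status=1
    done
    return "$status"
}

audit_bash || echo "WARNING: at least one bash binary is not confirmed patched" >&2
```

Run it before and after the update; any line that does not end in "ok" points at a binary that still needs attention.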

2) To update the whole operating system (this also updates bash):

For CentOS
  • Connect to the server via SSH.
  • Run the following commands:
yum update
  • Reboot the server.
For Debian\Ubuntu
  • Connect to the server via SSH.
  • Run the following commands:
sudo apt-get update
sudo apt-get upgrade
  • Reboot the server.

 

The vulnerability has been found in the following packages:

Bash packages for Red Hat:
bash-3.0-27.el4.2
bash-3.2-32.el5_9.2
bash-3.2-24.el5_6.1
bash-3.2-33.el5_11.1.sjis.1
bash-3.2-33.el5.1
bash-4.1.2-15.el6_4.1
bash-4.1.2-9.el6_2.1
bash-4.1.2-15.el6_5.1.sjis.1
bash-4.1.2-15.el6_5.1
bash-4.2.45-5.el7_0.2

Red Hat products with vulnerable bash:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4

All CentOS versions starting with version 4.
If you have any questions, please contact us at support@sitevalley.com
