Check If Your Linux Server Is Vulnerable to Shellshock
What Is ShellShock?
There is a newly discovered vulnerability in Mac and Linux computers that puts your entire system at serious risk of malicious attacks.
The vulnerability is called Shellshock, and it works by using a bash script to access your computer. Once the attacker has accessed your computer, they can do anything from launching programs and enabling certain features to accessing all your files. Please note that this vulnerability only affects UNIX-based systems, so Windows-based users are fine, but Mac and Linux users beware: you are probably vulnerable!
How to check if you’re affected by ShellShock?
You will need to SSH into your server as root or as a user with administrator privileges.
Check whether your bash version is vulnerable by running the following command. An affected bash prints "vulnerable" before "this is a test":
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
How do I fix Shellshock?
If your version is 3.2.51(1)-release then you’ll need to get it updated.
To update and patch your system, read below:
If you’re running CentOS, RedHat or Fedora then you can use the following command:
$ yum -y update bash
If you’re running Debian or Ubuntu then you can use the following command:
$ sudo apt-get update && sudo apt-get install --only-upgrade bash
Now you can double check by running the test command again and you will see this:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
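The test command and its two possible results can be wrapped in a small script for checking several servers or several bash binaries. This is an added example, not part of the original article; the function names classify_output, check_bash and report and the sample outputs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: runs the article's test command and interprets the result.
# classify_output, check_bash and report are hypothetical helper names.

# Decide from the test command's output whether bash executed the
# "echo vulnerable" that trails the function definition stored in x.
# Patched builds either print warnings first or print only the test line.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo patched
    else
        echo unknown
    fi
}

# Run the test against one bash binary (default: the bash found in PATH).
check_bash() {
    bin=${1:-bash}
    command -v "$bin" >/dev/null 2>&1 || { echo not-found; return 2; }
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c "echo this is a test" 2>&1)
    classify_output "$out"
}

# Constructed sample outputs, so both outcomes can be shown offline.
SAMPLE_VULNERABLE='vulnerable
this is a test'
SAMPLE_PATCHED="bash: warning: x: ignoring function definition attempt
bash: error importing function definition for \`x'
this is a test"

report() {
    printf 'sample (unpatched): %s\n' "$(classify_output "$SAMPLE_VULNERABLE")"
    printf 'sample (patched):   %s\n' "$(classify_output "$SAMPLE_PATCHED")"
    printf 'bash on this host:  %s\n' "$(check_bash bash)"
}

report
```

Pass a full path to check_bash, for example check_bash /usr/local/bin/bash, to test a second bash installation that the package manager did not update.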