How to protect Ubuntu against the Shellshock exploit

Shellshock is quite a serious security hole found a couple of days ago in Bash; to check whether your Ubuntu server is vulnerable run the following in a terminal:


env VAR='() { :;}; echo Shellshock vulnerable!‘ bash -c “echo Bash Testing”


If your system is vulnerable, you will see:


Shellshock vulnerable!

Bash testing


If it is not vulnerable, you will see:


bash: warning: VAR: ignoring function definition attempt
bash: error importing function definition for `VAR’
Bash testing


If you are vulnerable, you can update bash by running the following:

sudo apt-get update && sudo apt-get install --only-upgrade bash


Once the update has finished, run the code to check your vulnerability again and it should be sorted. NOTE! Only the currently-supported versions of Ubuntu will get the bash update – if you are running anything older (e.g. 13.04, 13.10 or anything older that isn’t a still-supported LTS release) you will need to update your Ubuntu install to have the above work.



, ,