Switched On Tech Design

Tag: exploit

  • How to protect your CentOS server from the Shellshock exploit

    Shellshock is quite a serious security hole found a couple of days ago in Bash; to check whether your CentOS server is vulnerable run the following in a terminal:

    env VAR='() { :;}; echo Shellshock vulnerable!' bash -c "echo Bash Testing"

    If your system is vulnerable, you will see:

    Shellshock vulnerable!

    Bash testing

    If it is not vulnerable, you will see:

    bash: warning: VAR: ignoring function definition attempt
    bash: error importing function definition for `VAR’
    Bash testing

    If you are vulnerable, you can update bash by running the following:

    sudo yum update bash

    Once the update has finished, run the code to check your vulnerability again and it should be sorted.

  • How to protect Debian from the Shellshock exploit

    Shellshock is quite a serious security hole found a couple of days ago in Bash; to check whether your Debian server is vulnerable run the following in a terminal:

    env VAR='() { :;}; echo Shellshock vulnerable!‘ bash -c “echo Bash Testing”

    If your system is vulnerable, you will see:

    Shellshock vulnerable!

    Bash testing

    If it is not vulnerable, you will see:

    bash: warning: VAR: ignoring function definition attempt
    bash: error importing function definition for `VAR’
    Bash testing

    If you are vulnerable, you can update bash by running the following:

    sudo apt-get update && sudo apt-get install --only-upgrade bash

    Once the update has finished, run the code to check your vulnerability again and it should be sorted.