Switched On Tech Design

Tag: shellshock

  • How to protect your CentOS server from the Shellshock exploit

    Shellshock is quite a serious security hole found a couple of days ago in Bash; to check whether your CentOS server is vulnerable run the following in a terminal:

    env VAR='() { :;}; echo Shellshock vulnerable!' bash -c "echo Bash Testing"

    If your system is vulnerable, you will see:

    Shellshock vulnerable!

    Bash testing

    If it is not vulnerable, you will see:

    bash: warning: VAR: ignoring function definition attempt
    bash: error importing function definition for `VAR’
    Bash testing

    If you are vulnerable, you can update bash by running the following:

    sudo yum update bash

    Once the update has finished, run the code to check your vulnerability again and it should be sorted.

  • How to protect Debian from the Shellshock exploit

    Shellshock is quite a serious security hole found a couple of days ago in Bash; to check whether your Debian server is vulnerable run the following in a terminal:

    env VAR='() { :;}; echo Shellshock vulnerable!‘ bash -c “echo Bash Testing”

    If your system is vulnerable, you will see:

    Shellshock vulnerable!

    Bash testing

    If it is not vulnerable, you will see:

    bash: warning: VAR: ignoring function definition attempt
    bash: error importing function definition for `VAR’
    Bash testing

    If you are vulnerable, you can update bash by running the following:

    sudo apt-get update && sudo apt-get install --only-upgrade bash

    Once the update has finished, run the code to check your vulnerability again and it should be sorted.

  • How to protect Ubuntu against the Shellshock exploit

    Shellshock is quite a serious security hole found a couple of days ago in Bash; to check whether your Ubuntu server is vulnerable run the following in a terminal:

     

    env VAR='() { :;}; echo Shellshock vulnerable!‘ bash -c “echo Bash Testing”

     

    If your system is vulnerable, you will see:

     

    Shellshock vulnerable!

    Bash testing

     

    If it is not vulnerable, you will see:

     

    bash: warning: VAR: ignoring function definition attempt
    bash: error importing function definition for `VAR’
    Bash testing

     

    If you are vulnerable, you can update bash by running the following:

    sudo apt-get update && sudo apt-get install --only-upgrade bash

     

    Once the update has finished, run the code to check your vulnerability again and it should be sorted. NOTE! Only the currently-supported versions of Ubuntu will get the bash update – if you are running anything older (e.g. 13.04, 13.10 or anything older that isn’t a still-supported LTS release) you will need to update your Ubuntu install to have the above work.