Announcement Announcement Module
Collapse
No announcement yet.
Bash ShellShock Vulnerability and Fixes. Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Bash ShellShock Vulnerability and Fixes.

    Hi,

    A Critical remotely exploitable vulnerability has been discovered in the widely used Linux and Unix command-line shell, known as Bash.

    The vulnerability (CVE-2014-6271) affects versions 1.14 through 4.3 of GNU Bash and being named as Bash Bug, and Shellshock by the Security researchers on the Internet discussions.

    A hacker could have exploit this bug to execute shell commands remotely on a target machine using specifically crafted variables.

    How to check if a server is vulnerable to this attack
    #########################################

    Issue the below caommad and if the result is showing as "Vulnerable" then you are in risk.

    # env x='() { :;}; echo vulnerable' bash -c "echo safe" ;

    Fix for this vulnerability
    ###################

    Patch your system
    For CentOS, Fedora, Red Hat (and the like) users, just type this to update it (yes, there’s already a patch, and you’ll be patched up in about 10 seconds)


    # yum -y update bash


    For Debian, Ubuntu (and the like) users, type this to update bash:


    # sudo apt-get update && sudo apt-get install --only-upgrade bash
    (This will update the list of packages, then install the latest bash)


    Referece:
    ########

    http://thehackernews.com/2014/09/bas...shock.html?m=1
    http://www.linuxnews.pro/patch-bash-...centos-ubuntu/
    Last edited by JinoJoseph; 27th September 2014, 12:40 PM.
Tag Cloud Tag Cloud Module
Collapse
Working...
X