Shellshock

What is Shellshock “Bash Bug”?

Shellshock, also known as the “Bash Bug”, is a vulnerability in GNU Bash. Under certain conditions, a remote attacker who can pass strings of code after an environment variable assignment can get Bash to execute them as arbitrary code. Shellshock was discovered on September 24, 2014, and it affects Linux, BSD and Mac OS X. Bash versions 1.14 through 4.3 are at high risk.

More details about the bug can be found under CVE-2014-6271 and CVE-2014-7169.

What does Shellshock affect?

  • Apache HTTP Servers
  • CGI scripts (via mod_cgi and mod_cgid)
  • Bash subshells
  • Certain DHCP clients
  • OpenSSH servers with ForceCommand capability

How to Fix the Vulnerability?

The easiest way to fix the vulnerability is to install the latest Bash update, which already contains the fix. The terminal commands below install the update on Ubuntu, Debian, Red Hat, Fedora and CentOS. Do it as fast as you can.

Ubuntu / Debian – update Bash via apt-get:

sudo apt-get update && sudo apt-get install --only-upgrade bash

Red Hat / Fedora / CentOS – update Bash via yum:

sudo yum update bash
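
To confirm that the update took effect, a check like the following can be run after upgrading. It is an added example, not part of the original article: the function name shellshock_check, the variable name probe and the marker string are chosen here for illustration. It tests for the two CVEs named above with local probes that only echo a marker or leave a file in a temporary directory.

```shell
#!/bin/sh
# Added example: post-update check for CVE-2014-6271 and CVE-2014-7169.
# Usage: shellshock_check [path-to-bash]   (defaults to "bash" found in PATH;
#        pass an absolute path when naming a specific binary)
# Return: 0 = both checks pass, 1 = still vulnerable, 2 = bash not runnable.

shellshock_check() {
    bash_bin=${1:-bash}
    command -v "$bash_bin" >/dev/null 2>&1 || { echo "bash not found: $bash_bin"; return 2; }

    result=0
    marker="SHELLSHOCK_MARKER_$$"   # constructed marker; a harmless echo only

    # CVE-2014-6271: a vulnerable bash runs the code that trails the function
    # definition while importing the variable, so the marker shows up in output.
    out=$(env probe="() { :;}; echo $marker" "$bash_bin" -c 'echo check' 2>/dev/null)
    case $out in
        *"$marker"*) echo "CVE-2014-6271: VULNERABLE"; result=1 ;;
        *)           echo "CVE-2014-6271: ok" ;;
    esac

    # CVE-2014-7169: a vulnerable bash mis-parses the variable and turns
    # "echo date" into a redirect, leaving a file named "echo" in the cwd.
    # Run inside a throwaway directory so nothing else is touched.
    work=$(mktemp -d) || return 2
    ( cd "$work" && env probe='() { (a)=>\' "$bash_bin" -c 'echo date' >/dev/null 2>&1 )
    if [ -e "$work/echo" ]; then
        echo "CVE-2014-7169: VULNERABLE"; result=1
    else
        echo "CVE-2014-7169: ok"
    fi
    rm -rf "$work"

    return $result
}
```

Call shellshock_check on each server after the update; a return status of 1 means the installed Bash still needs patching.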

Conclusion

To stay protected, always install the latest updates, and be sure to update all of your affected servers to the latest version of Bash.

 
