ShellShock Bash Vulnerability

RemarkableTek’s Status

All servers within RemarkableTek’s infrastructure have been patched as of last week.

What we know:

There is a critical vulnerability in the GNU Bourne Again Shell (Bash), the default shell on most Linux and many other Unix-like systems. Bash allows function definitions to be passed in environment variables, and affected versions keep parsing past the end of the function body and execute any commands that follow it. Any service that places attacker-controlled input into an environment variable and then starts Bash is therefore exposed to Remote Code Execution. The best-known case is CGI scripts on web servers, where HTTP request headers are handed to the script as environment variables, so an unauthenticated attacker can run commands on a vulnerable system with a single request. Web servers should be considered the highest priority for patching. Security researchers are actively investigating the issue and are highlighting how easy it is to exploit.

The detail:

This vulnerability has the ID CVE-2014-6271 (https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271). NVD rates it 10.0 on the CVSS v2 scale, with an Exploitability subscore of 10.0, the same exploitability as Heartbleed (CVE-2014-0160); Heartbleed's overall base score was only 5.0 because it leaked memory rather than allowing code execution.

There are patches available for the major Linux distributions, including Red Hat, CentOS, Fedora, CloudLinux, Debian, Ubuntu and openSUSE; the update commands for each are given below.

You can verify whether a system is vulnerable by running the following command as any user (it tests the bash found first on your PATH, so run it on the host itself, not through a jump box):
env x='() { :;}; echo Server is vulnerable' bash -c "echo"

If the system is vulnerable, the output will be:
Server is vulnerable

An unaffected (or patched) system will print only a blank line (from the inner echo), or that blank line preceded by these warnings, which show bash rejecting the trailing command instead of running it:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

Note that the first fix for CVE-2014-6271 was incomplete and a follow-up ID, CVE-2014-7169, was issued for the remaining parser bug. Make sure the bash package you install covers both, and re-run the check after updating.
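The check above covers CVE-2014-6271 only. The following script is an added example, not part of the original post, that wraps that probe in a function and adds the published probe for the follow-up CVE-2014-7169, which makes an affected bash mis-parse "echo date" as a redirection and create a file named "echo" instead of printing "date". It assumes "bash" is on PATH, runs only against the local machine, and writes only inside a temporary directory it creates and removes.

```shell
#!/bin/sh
# Added example (not from the original post): local check for both
# ShellShock IDs. Assumes "bash" is on PATH; touches nothing outside a
# temporary directory of its own.

# classify_6271 OUTPUT
# Interprets the stdout of the CVE-2014-6271 probe: a vulnerable bash
# executes the trailing "echo Server is vulnerable"; a patched one does not.
classify_6271() {
    case "$1" in
        *"Server is vulnerable"*) printf 'vulnerable\n' ;;
        *)                        printf 'patched\n' ;;
    esac
}

# check_6271: runs the probe from the post and classifies its output.
# Prints "unknown" if there is no bash to test at all.
check_6271() {
    command -v bash >/dev/null 2>&1 || { printf 'unknown\n'; return 0; }
    out=$(env x='() { :;}; echo Server is vulnerable' bash -c "echo" 2>/dev/null) || true
    classify_6271 "$out"
}

# check_7169: the first patch left a parser bug (CVE-2014-7169). With the
# crafted variable below, an affected bash turns "echo date" into a
# redirection and creates a file named "echo" in the current directory
# instead of printing the word "date". We run it in a scratch directory
# and look for that file.
check_7169() {
    command -v bash >/dev/null 2>&1 || { printf 'unknown\n'; return 0; }
    tmp=$(mktemp -d 2>/dev/null) || { printf 'unknown\n'; return 0; }
    ( cd "$tmp" && env X='() { (a)=>\' bash -c "echo date" >/dev/null 2>&1 ) || true
    if [ -e "$tmp/echo" ]; then
        printf 'vulnerable\n'
    else
        printf 'patched\n'
    fi
    rm -rf "$tmp"
}

# shellshock_report: one line per CVE, suitable for pasting into a
# patch-status ticket.
shellshock_report() {
    printf 'CVE-2014-6271: %s\n' "$(check_6271)"
    printf 'CVE-2014-7169: %s\n' "$(check_7169)"
}

shellshock_report
```

Run it on each host after applying the distribution update; both lines should read "patched". Because it only exercises the local bash binary, it says nothing about whether a web server actually exposes CGI scripts, so patch first and treat the script as confirmation rather than as a substitute for updating.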

Updating your own server:

In CentOS / Fedora / RedHat / CloudLinux servers,
Login to terminal as root and execute the command:
# yum -y update bash

In Ubuntu / Debian servers,
Login to terminal as root and execute the command:
# apt-get update && apt-get install bash

In openSUSE servers,
Login to terminal as root and execute the commands (one per CVE, since the two fixes shipped as separate patches):
# zypper patch --cve=CVE-2014-6271
# zypper patch --cve=CVE-2014-7169

If you have further questions or need assistance, please feel free to contact us at support@remarkabletek.com
