Remotely Exploitable 'Bash Shell'

  • September 25, 2014 by Tech #1

We have been made aware of a serious security vulnerability in Bash that affects multiple operating systems and applications. The reported affected operating systems include:

  • Red Hat Enterprise Linux / CentOS 7
  • Red Hat Enterprise Linux / CentOS 6
  • Red Hat Enterprise Linux / CentOS 5
  • Red Hat Enterprise Linux / CentOS 4 (ELS)
  • Ubuntu 10, 12, 14
  • Debian

To determine whether a Linux or Unix system is vulnerable, run the following commands in your Linux shell:

  • env X="() { :;} ; echo shellshock" /bin/sh -c "echo completed"
  • env X="() { :;} ; echo shellshock" `which bash` -c "echo completed"

If you see the word "shellshock" in the output, errrrr… then you are at risk.
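The same check as a small script that classifies each shell by its output and returns an exit code you can use from a cron job or a configuration-management run. This is an added example, not part of the original post; the function names probe_shell and audit_shells are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. probe_shell and audit_shells
# are names assumed for this sketch.

# probe_shell SHELL_PATH
# Runs the article's probe against one shell binary.
# Returns 0 = marker not printed, 1 = marker printed (at risk),
#         2 = shell missing, not executable, or gave unexpected output.
probe_shell() {
    shell_path=$1
    [ -x "$shell_path" ] || return 2
    # stderr is dropped: some patched Bash builds print a warning here.
    out=$(env X="() { :;} ; echo shellshock" "$shell_path" -c "echo completed" 2>/dev/null) || :
    case $out in
        *shellshock*) return 1 ;;
        *completed*)  return 0 ;;
        *)            return 2 ;;
    esac
}

# audit_shells SHELL_PATH...
# Prints one line per shell; returns 1 if any shell printed the marker.
audit_shells() {
    vulnerable=0
    for s in "$@"; do
        rc=0
        probe_shell "$s" || rc=$?
        case $rc in
            0) echo "OK          $s" ;;
            1) echo "AT RISK     $s"; vulnerable=1 ;;
            *) echo "SKIPPED     ${s:-<not found>}" ;;
        esac
    done
    return "$vulnerable"
}

# Default targets are the two shells the article tests.
audit_shells /bin/sh "$(command -v bash)" || echo "Run: yum update bash"
```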

If you are running on cPanel, you need not worry, as the cPanel system automatically updates itself to the latest fix available.

If you are running with cPanel or have not configured automatic updates using yum, you can run the following command:

# yum update bash

This will update Bash to the latest version, which includes the fix for this issue.