lots of tech info here

How to fix the shellshock bash bug vulnerability in bash shell

The shellshock vulnerability also known as bash bug is a Bash vulnerability that allows a hacker to run arbitrary commands on any machine running a vulnerable version of Bash. Bash was created in 1987 and the shellshock vulnerability has probably existed since 1992, so it's one of the oldest bugs around.

The targeted machines are those that run web servers, but it would be good to patch any machine running Bash. That includes machines running Linux, BSD and Mac OS X. If your machine hasn't been patched as of Sunday, 28 September 2014, it's still vulnerable.

There have been five exploits so far.

CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277

To test if your system is vulnerable, run this command:

  env x='() { :;}; echo vulnerable; exit;' bash -c 'echo not vulnerable'

If the output is vulnerable, it means Bash has to be upgraded immediately.

ShellShock Bash Bug

To upgrade Bash, here are a few steps:

Mac OS X

Apple just released this patch. Download and run BashUpdateMavericks.dmg. It will upgrade your Bash to the patched version.

Mac OS X using MacPorts

  sudo port selfupdate
  sudo port upgrade bash

Debian GNU/Linux

  apt-get update
  apt-get install --only-upgrade bash

Cent OS / Fedora / Red Hat

  yum update bash -y

Arch Linux

  pacman -Sy bash

This article will be updated till all known vulnerabilities for Bash are fixed. Stay tuned.

Posted on 29 Sep 2014

If you liked this article, subscribe to our Feed, follow us on Twitter (@aruljohn) and/or join our Facebook Page.

Share this with Others

Subscribe

Tags