The shellshock vulnerability also known as bash bug is a Bash vulnerability that allows a hacker to run arbitrary commands on any machine running a vulnerable version of Bash. Bash was created in 1987 and the shellshock vulnerability has probably existed since 1992, so it's one of the oldest bugs around.
The targeted machines are those that run web servers, but it would be good to patch any machine running Bash. That includes machines running Linux, BSD and Mac OS X. If your machine hasn't been patched as of Sunday, 28 September 2014, it's still vulnerable.
There have been five exploits so far.
CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277
To test if your system is vulnerable, run this command:
env x='() { :;}; echo vulnerable; exit;' bash -c 'echo not vulnerable'
If the output is vulnerable, it means Bash has to be upgraded immediately.
To upgrade Bash, here are a few steps:
Mac OS X
Apple just released this patch. Download and run BashUpdateMavericks.dmg. It will upgrade your Bash to the patched version.
Mac OS X using MacPorts
sudo port selfupdate
sudo port upgrade bash
Debian GNU/Linux
apt-get update
apt-get install --only-upgrade bash
Cent OS / Fedora / Red Hat
yum update bash -y
Arch Linux
pacman -Sy bash
This article will be updated till all known vulnerabilities for Bash are fixed. Stay tuned.
Related Posts
If you have any questions, please contact me at arulbOsutkNiqlzziyties@gNqmaizl.bkcom. You can also post questions in our Facebook group. Thank you.
