Friday, September 26, 2014

FIX your BASH already! Correcting the BASH shellshock vulnerability

By now you've heard that just about every 'Nix box on the planet is vulnerable to a flaw in the BASH shell that allows code insertion regardless of your level of access.  Worse, it's been that way for 25 years!

Ok, so that's a problem but what's the solution?

It's actually pretty simple...

First you test, then you patch, then you test again.  I've provided some command line snippets you can use on your Red Hat or Debian based Linux distros.  The testing command is almost universal; the patch commands are more system specific.  Regardless, you need to get this done ASAP, as less than 24 hours after its discovery there were already active bots scanning the net looking to exploit the vulnerability.

The command snippets you need are below as well as a video showing the update process.  The following link had the most complete information I've found if you want to know more.

You've got what you need, now go to it!


Testing command (at a shell prompt or terminal session)

env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

Bash updates:

Debian based

sudo apt-get update && sudo apt-get install --only-upgrade bash

CentOS/Red Hat

sudo yum update bash
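
The testing command above only probes whichever bash comes first on your PATH. As an added example (not part of the original post), this script points the same probe at every bash binary it finds on PATH or in /etc/shells, so a stray copy the package update did not touch is not missed. The function names and the marker string are made up for illustration.

```shell
#!/bin/sh
# Added example: the page's testing command, aimed at every bash binary found.
MARKER="SHELLSHOCK_PROBE_HIT"   # constructed marker; any unique string works

# check_bash PATH: prints vulnerable / ok / missing; returns 0 only for ok.
# "ok" means only that this particular probe did not fire.
check_bash() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then echo "missing"; return 2; fi
    # Same probe as the page's test, but run against one specific binary.
    out=$(env VAR="() { :;}; echo $MARKER" "$shell_path" -c "echo Bash Test" 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo "vulnerable"; return 1 ;;
        *)           echo "ok"; return 0 ;;
    esac
}

# list_bash_candidates: one path per line, taken from PATH and /etc/shells.
list_bash_candidates() {
    {
        IFS=:
        for dir in $PATH; do
            if [ -n "$dir" ]; then printf '%s\n' "$dir/bash"; fi
        done
        if [ -r /etc/shells ]; then grep '/bash$' /etc/shells || true; fi
    } | sort -u
}

# scan_all_bash: report each executable candidate; non-zero if any is vulnerable.
# Paths containing whitespace are not handled (assumption for brevity).
scan_all_bash() {
    status=0
    for candidate in $(list_bash_candidates); do
        [ -x "$candidate" ] || continue
        result=$(check_bash "$candidate") || status=1
        printf '%-12s %s\n' "$result" "$candidate"
    done
    return $status
}

# Run as: sh check.sh --scan   (before the update, and again after it)
if [ "${1:-}" = "--scan" ]; then scan_all_bash; fi
```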