Client portal

  • ATTENTION: Linux Users: Shell Shock Bash Vulnerability - CVE-2014-6271 and CVE-2014-7169

    September 26, 2014 by Michael K
  • In the past 24 hours we have come to learn there is a serious bug in most versions of Bash. It allows remote attackers to execute arbitrary code because it processes trailing strings after function definitions in the values of environment variables.

    How do you know if you are effected?
    Open a terminal and type the following:

    env x='() { :;}; echo -n Exploitable\ ' bash -c 'echo Test'

    If you are vulnerable it will say 'Exploitable Test'. If not, it'll say 'Test'.

    How do I patch my system?
    Most distributions have released an update version of Bash that will fix this vulnerability. Follow these instructions that correspond with your OS to update to the latest version:
    CentOS users can update with the following

    yum update bash

    Debian/Ubuntu users can update with the following

    apt-get update
    apt-get upgrade bash

    FreeBSD users can update with the following:

    portsnap fetch extract
    cd /usr/ports/shells/bash
    make deinstall reinstall clean

    Be sure to rerun the above test after updating.
    Let us know if you need any help updating or verifying your server's security. 

    WizzSolutions Security Team

Powered by