In the past 24 hours we have come to learn there is a serious bug in most versions of Bash. It allows remote attackers to execute arbitrary code because it processes trailing strings after function definitions in the values of environment variables.
How do you know if you are affected?
Open a terminal and type the following:
env x='() { :;}; echo -n Exploitable\ ' bash -c 'echo Test'
If you are vulnerable it will say 'Exploitable Test'. If not, it'll say 'Test'.
How do I patch my system?
Most distributions have released an updated version of Bash that fixes this vulnerability. Follow the instructions for your OS to update to the latest version:
CentOS users can update with the following:
yum update bash
Debian/Ubuntu users can update with the following:
apt-get update
apt-get upgrade bash
FreeBSD users can update with the following:
portsnap fetch extract
cd /usr/ports/shells/bash
make deinstall reinstall clean
Be sure to rerun the above test after updating.
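A server can carry more than one Bash binary (for example a system copy and one built from ports), and each needs the retest. The script below is an added example, not part of the original advisory: it wraps the same probe in a function and reports every Bash it finds. The function names, the `--scan` flag and the fixed candidate paths are assumptions made for this example.

```shell
#!/bin/sh
# Added example: classify bash binaries with the probe from this advisory.

# check_bash BIN -> prints vulnerable | patched | missing | unknown
check_bash() {
    bin=$1
    [ -x "$bin" ] || { echo missing; return 0; }
    # Same probe as the one-liner above; it only echoes a harmless marker.
    # stderr is discarded to keep the report clean.
    out=$(env x='() { :;}; echo -n Exploitable\ ' "$bin" -c 'echo Test' 2>/dev/null) || true
    case $out in
        "Exploitable Test") echo vulnerable ;;
        "Test")             echo patched ;;
        *)                  echo unknown ;;
    esac
}

# list_bash_binaries -> candidate paths, one per line, de-duplicated.
# The fixed paths are assumptions (usual Linux and FreeBSD ports locations).
list_bash_binaries() {
    {
        printf '%s\n' /bin/bash /usr/bin/bash /usr/local/bin/bash
        if [ -r /etc/shells ]; then grep '/bash$' /etc/shells || true; fi
        command -v bash || true
    } 2>/dev/null | sort -u
}

# scan_bash [BIN...] -> report each binary found; returns 1 if any is vulnerable.
scan_bash() {
    # No arguments: fall back to the candidate list (paths assumed space-free).
    [ "$#" -gt 0 ] || set -- $(list_bash_binaries)
    rc=0
    for b in "$@"; do
        state=$(check_bash "$b")
        if [ "$state" = missing ]; then continue; fi
        printf '%-24s %s\n' "$b" "$state"
        if [ "$state" = vulnerable ]; then rc=1; fi
    done
    return "$rc"
}

# Run as: sh check_bash.sh --scan [BIN...]   (file name is hypothetical)
case ${1:-} in
    --scan) shift; scan_bash "$@" ;;
esac
```

The non-zero exit status when any binary is still vulnerable makes the script usable from cron or a configuration-management run after the update.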
Let us know if you need any help updating or verifying your server's security.
WizzSolutions Security Team