Knowledgebase

Bash vulnerability (Shellshock/Bashdoor)

Recently it has been found the vulnerability that was given two names at once Shellshock and Bashdoor.
This vulnerability touches such popular kind of UNIX command shell as Bash. Often bash is used as a pre-installed Linux shell.

According to Internet sources Shellshock theoretically can allow an attacker to take control of the system.

To resolve this vulnerability, we recommend you to upgrade to the latest version of bash on your Linux VPS. You can upgrade your operation system to the latest version, which will also update bash.

You can update bash the following way:

The solution of the problem CVE-2014-6271 for Redhat\Centos

You need to connect to the server via SSH and run the following commands:

yum update bash
yum update bash-4.1.2-15.el6_5.1

Then you must reboot the system.

The solution of the problem CVE-2014-6271 for Debian\Ubuntu

You need to connect to the server via SSH and check the bash package version.

To do it run the following command:

dpkg -s bash | grep Version
 

Then update the bash version:

sudo apt-get update && sudo apt-get install bash

Also, you can check the invulnerability of bash version by using the command in the console:

env X="() { :;} ; echo Bash is vulnerable" bash -c "echo Bash is OK"

In case it shows "Bash is OK" - it means that updating went successfully, in case of "Bash is vulnerable" - the bash is still vulnerable.

To update the operation system:

CentOS

You need to connect to the server via SSH and run the following command:

yum update

Then you must reboot the system.

Debian\Ubuntu

You need to connect to the server via SSH and run the following commands:

sudo apt-get update
sudo apt-get upgrade

Then you must reboot the system.

Versions that are vulnerable:

Red Hat bash distributions:
bash-3.0-27.el4.2
bash-3.2-32.el5_9.2
bash-3.2-24.el5_6.1
bash-3.2-33.el5_11.1.sjis.1
bash-3.2-33.el5.1
bash-4.1.2-15.el6_4.1
bash-4.1.2-9.el6_2.1
bash-4.1.2-15.el6_5.1.sjis.1
bash-4.1.2-15.el6_5.1
bash-4.2.45-5.el7_0.2

The distributions that contain vulnerable bash:

Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 4

Also all versions of CentOS beginning with the 4th are vulnerable.

In case you have any questions - please, contuct us at support@vps.us

Looking for a Linux VPS? Check our offers for European and USA VPS hosting with different types of virtualization.
Also Read

Language:

Quick Navigation

Client Login

Email

Password

Remember Me

Search