Sep25

Bash Critical Vulnerability – Check now!

Posted by Sarah Holt

There has been a critical vulnerability found in Bash. The vulnerability affects Linux/Unix distributions that use or have Bash installed.

For additional information on this vulnerability please click here. 

We advise all our clients to keep their servers & software updated constantly to make sure their servers are at minimal risk of potential vulnerabilities. For this particular vulnerability we recommend reading the following links and taking action as soon as possible:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

https://access.redhat.com/articles/1200223

To test if your version of Bash is vulnerable, run the following command:

$ env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”

If the output of the above command looks as follows:

vulnerable
this is a test

You are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function.

If you run the above example with the patched version of Bash, you should get an output verifying you are not vulnerable:

$ env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test

Please contact our support team through support@uk2.net if you would like any help in applying the patch or have further questions about this vulnerability.

This article was brought to you by Midphase, for shared hosting, cloud servers and 24/7 support visit our site here www.midphase.com

If you like it, share it!

No Comments

Comments are closed.

Stop blending in with the rest of the crowd and start leaving your mark on the web