shellshock bashbug vulnerability fix

I’m sure most of you are familiar with the Heartbleed vulnerability with OpenSSL and how it has affected most of the applications and systems across the internet. Well a new vulnerability has appeared and is potentially much worse. While this vulnerability is new to the public it has been a “bug” for over 25 years and is just now being exploited on a much larger scale.

shellshock bashbug vulnerability fix

Shellshock Video:

Here is a quick video explaining Shellshock: https://www.youtube.com/watch?v=aKShnpOXqn0

Shellshock Test:

In order to test for the Shellshock bash vulnerability you can run this test command from Terminal:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If you’re not vulnerable, you’ll get this result:

bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' hello

If you are vulnerable to shellshock, you’ll get:

vulnerable hello

You may also need to check the version of bash you’re running by entering:

bash --version

Shellshock Fix:

Many Linux distributions already have patches available, and Apple/Mac users now have patch available which you can download and install it here.

Redhat Shellshock Fixhttps://access.redhat.com/articles/1200223

SUSE Shellshock Fixhttps://www.suse.com/support/shellshock/

Ubuntu Shellshock Fixhttp://www.ubuntu.com/usn/usn-2362-1/

EMC products affected by Shellshockhttps://emc–c.na5.visual.force.com/apex/KB_Non_ESA_Security?id=kA4700000008OfN

Cisco products affected by Shellshockhttp://tools.cisco.com/security/center/mcontent/CiscoSecurityAdvisory/cisco-sa-20140926-bash

VMware products affected by Shellshockhttp://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2090740

 

This can potentially be one of the most dangerous vulnerabilities because of how easy it is to exploit. However it is also one of the easiest to fix and patch. Make sure all of your systems are updated with all of the latest security patches and you shouldnt have an issue. If you have any comments or need assistance leave me a comment below and I will address them.

Update: I have been getting asked how to patch windows for the vulnerability, so just to be clear Windows machines and Windows servers do not run Bash.