Patch the 'Shellshock' Vulnerability

September 2014

Your server might be vulnerable to a bug called Shellshock, a flaw in the code of Bash, a program typically installed on Linux servers. The bug allows someone to send commands to computers which they should not have access to. This document contains instructions on how to manually check whether your Linux server is vulnerable.

If you have any questions or need help checking your server, please e-mail us at support@tagadab.com or call us at 020 3697 5537, Monday through Friday between 8am and 6pm GMT.

Shellshock Vulnerability Manual Check

Follow the instructions below to determine if your server is vulnerable to Shellshock (you will need to repeat these steps on each of your Linux servers):

  1. Log into your server as root via SSH
  2. Run the following command: env x='() { :;}; echo vulnerable' bash -c "echo Shellshock"

A system affected by the bug should return the following:

vulnerable
Shellshock


On the other hand, a secure system should return the following:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for ‘x’
Shellshock
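
The manual check above can be scripted so that each server reports a single word and an exit status instead of output to be read by eye. This is an added example, not part of the original page; the function names classify_output and shellshock_status are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): run the page's Shellshock test
# and classify the result.

# classify_output TEXT
#   TEXT is the standard output of the test command from step 2.
classify_output() {
    case "$1" in
        vulnerable*) echo vulnerable ;;  # injected "echo vulnerable" was executed
        Shellshock)  echo patched ;;     # only the intended command ran
        *)           echo unknown ;;     # unexpected output, inspect by hand
    esac
}

# shellshock_status [BASH_PATH]
#   Prints vulnerable, patched or unknown.
#   Exit status: 0 = patched, 1 = vulnerable, 2 = could not tell.
shellshock_status() {
    target=${1:-bash}   # hypothetical parameter: which bash binary to test
    if ! command -v "$target" >/dev/null 2>&1; then
        echo unknown
        return 2
    fi
    # Same command as in step 2. stderr is discarded because patched builds
    # differ: some print the two warnings shown above, later ones print none.
    out=$(env x='() { :;}; echo vulnerable' "$target" -c "echo Shellshock" 2>/dev/null) || :
    verdict=$(classify_output "$out")
    echo "$verdict"
    case "$verdict" in
        patched)    return 0 ;;
        vulnerable) return 1 ;;
        *)          return 2 ;;
    esac
}

# Report on the bash found on PATH. "|| :" keeps a non-zero status from
# aborting a caller that runs with "set -e".
result=$(shellshock_status) || :
echo "Shellshock check: $result"
```

After patching, run it again; a status of patched (exit code 0) corresponds to the secure output shown above.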


If your system is vulnerable, you can secure it by following the instructions below based on the Linux distribution on your server:


Ubuntu and Debian servers:

  1. Log into your server as root via SSH
  2. Run the command: apt-get update
  3. Now run the command: apt-get install bash
  4. Once this command has completed, rerun the above vulnerability test and you should see that your system is now secure

RedHat and CentOS servers:

  1. Log into your server as root via SSH
  2. Run the command: yum update bash
  3. Once this command has completed, rerun the above vulnerability test and you should see that your system now passes the vulnerability