How to update Bash to secure Shellshock vulnerability

By now you’re probably aware that a serious Unix (Linux) vulnerability has been discovered. Named ‘Shellshock’, it affects Unix-based operating systems such as Linux and Mac OS X. If exploited, it can allow the running of arbitrary commands on Linux servers and can be used by hackers to gain remote control of servers and personal computers.

The aim of this post is to outline the steps you need to take to patch this vulnerability.

Shellshock is a vulnerability in Bash that can allow the running of arbitrary commands on Linux servers.

This is a newly discovered bug and affects a very large number of servers.

There is a patch; you should ensure that your server’s Bash version is updated ASAP.

 

What’s affected?

This has been reported worldwide by the media and isn’t specific to any particular company, so if you have hosting elsewhere and you’re unsure of the steps your web host or server administrator has taken, it’s vital to find out. You will also need to check any hardware you own running a Unix-based OS (e.g. desktops and laptops), and install recommended updates if they allow external SSH connections.

All versions of bash up to and including 4.3 are vulnerable.

All supported Linux distributions are affected and have released patches.

Debian: https://www.debian.org/security/2014/dsa-3035

Ubuntu: http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-7169.html

Fedora: https://lists.fedoraproject.org/pipermail/package-announce/2014-September/138687.html

CentOS: http://lists.centos.org/pipermail/centos-announce/2014-September/020593.html

More information from Red Hat: https://access.redhat.com/articles/1200223

 

Shared Web Hosting

If you’re on a shared hosting environment, the likelihood is that you don’t need to do anything and your host has already done this. Just ask them to confirm.

 

VPS, Hybrid Server & Dedicated Servers

If you have a VPS, Hybrid Server or Dedicated Server, and it is not managed, you will need to update!

Doing this is quite simple: log in via SSH and run the following.

CentOS & Fedora use bash by default. To update:

yum -y update bash

rpm -q --changelog bash | grep -B1 -A1 CVE-2014-7169

This should return something like the following

* Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com> - 4.1.2-15.2

- CVE-2014-7169

Resolves: #1146322

Once you have successfully updated we recommend that you reboot the server to make sure that there are no vulnerable invocations of bash running.

Ubuntu and Debian may not use bash by default. However, you still need to patch as bash is likely to be installed. To do this:

apt-get update && apt-get install --only-upgrade bash

Following the update, you should reboot the server to make sure that there are no vulnerable invocations of bash running.
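
The changelog check and the reason for the reboot can be scripted together. The following is an added example, not part of the original post: it looks for the CVE in the installed bash package's changelog and lists bash processes still running the binary that the update replaced. It assumes a Linux /proc and that the distribution's changelog names the CVE; the function names and the script file name are made up for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the
# proc-root parameter are assumptions made for this sketch.

# Succeed if the changelog text on stdin mentions the CVE id given as $1.
changelog_has_fix() {
    grep -q -e "$1"
}

# Print the installed bash package's changelog with whichever source exists.
bash_changelog() {
    if [ -r /usr/share/doc/bash/changelog.Debian.gz ]; then
        zcat /usr/share/doc/bash/changelog.Debian.gz
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --changelog bash
    fi
}

# Print PIDs still executing a bash binary that was replaced on disk. After
# an upgrade Linux reports the old file as "/bin/bash (deleted)" in
# /proc/PID/exe. Run as root to see every user's processes.
stale_bash_pids() {
    proc_root=${1:-/proc}
    for exe in "$proc_root"/[0-9]*/exe; do
        target=$(readlink "$exe" 2>/dev/null) || continue
        case $target in
            *"/bash (deleted)") pid=${exe%/exe}; echo "${pid##*/}" ;;
        esac
    done
}

post_update_check() {
    cve=${1:-CVE-2014-7169}
    if bash_changelog | changelog_has_fix "$cve"; then
        echo "OK: bash changelog lists $cve"
    else
        echo "WARNING: bash changelog does not list $cve; update bash"
    fi
    stale=$(stale_bash_pids)
    [ -z "$stale" ] || echo "Pre-update bash still running, reboot: $stale"
}

# Only run the check when asked (hypothetical file name): sh bash-check.sh check
if [ "${1:-}" = "check" ]; then
    post_update_check "${2:-}"
fi
```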

 

If you have any questions or need help doing this, contact us.
