How to update Bash to secure Shellshock vulnerability
By now you’re probably aware that a serious Unix (Linux) vulnerability has been discovered.Named ‘Shellshock’, it affects Unix-based operating systems such as Linux and Mac OS X. If exploited, can allow the running of arbitrary commands on Linux servers and can be used by hackers to gain remote control of servers and personal computers.
The aim of this post is to outline the steps you need to take to patch this vulnerability.
Shell Shock is a BASH exploit that can allow the running of arbitrary commands on Linux servers.
This is a newly discovered bug and affects a very large number of servers.
There is a patch, you should ensure that your server’s BASH version is updated ASAP.
This has been reported worldwide by the media and isn’t specific to any particular company, so if you have hosting elsewhere and you’re unsure of the steps your web host or server administrator has taken, it’s vital to find out. You will also need to check any hardware you own running a Unix-based OS (e.g. desktops and laptops), and install recommended updates if they allow external SSH connections.
All versions of bash up to and including 4.3 are vulnerable.
All supported Linux distributions are affected and have released patches.
More information from Red Hat: https://access.redhat.com/articles/1200223
Shared Web Hosting
If your on a shared hosting environment likeliness is you don’t need to do anything and your host has already done this. Just ask them to confirm.
VPS, Hybrid Server & Dedicated Servers
If you have a VPS, Hybrid Server or Dedicated Server, and it is not managed you will need to update!
Doing this is quite simple, log in via SSH and run the following
CentOS & Fedora use bash by default. To update:
yum -y update bash
rpm -q –changelog | grep –B1 –A1 CVE-2014-7169
This should return something like the following
* Thu Sep 25 2014 Ondrej Oprala <firstname.lastname@example.org> – 4.1.2-15.2
Once you have successfully updated we recommend that you reboot the server to make sure that there are no vulnerable invocations of bash running.
Ubuntu and Debian may not use bash by default. However, you still need to patch as bash is likely to be installed. To do this:
apt-get update && apt-get install –only-upgrade bash
Following the update, you should reboot the server to make sure that there are no vulnerable invocations of bash running.
If you have any question or need help doing this contact us