Shellshock - Am I vulnerable and what do I do?

Thu 25 September 2014

bash_history

Shellshock is the latest Heartbleed level vulnerability to be discovered. It's a pretty long running exploit in how bash handles environment variables. It's a good thing to fix asap, especially if you're running any old services like telnet, ftp or an old version of apache.

Is my server vulnerable?

Run this.

env x='() { :;}; echo vulnerable' bash -c 'echo test'

If you see:

vulnerable
test

You should patch immediately.

However if you see.

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
test

You should be okay.

How to fix?

Centos/RedHat

yum update bash

Debian/Ubuntu

sudo apt-get update && sudo apt-get install bash

OSX

Unless your running OSX as a critical server somewhere remote, I'd hold off the solution for now and wait for Apple to distribute an update. If you need to update.

  1. Install homebrew

  2. Run

    brew update
    
  3. Then run

    brew update bash
    
  4. Backup your existing vulnerable bash

    cp /usr/local/bin/bash /usr/local/bin/bash_old
    
  5. Then symlink to the new brew installed bash

    ln -s /usr/local/Cellar/bash/4.3.25/bin/bash /usr/local/bin/bash
    

Finally reboot!

Note: These patches are coming out fast and... incomplete. So keep an eye on these solutions as time goes on as I fear these patches might not solve the whole problem.

Category: Devops Tagged: security vulnerability

comments


Page 1 of 1