Bash vulnerability

A new vulnerability in bash has been reported that affects more than 50% of servers worldwide and lets attackers run malicious code on the system. You can check whether your server is affected with the command below:

 env x='() { :;}; echo yes you are vulnerable' bash -c "echo testing finished"

If the output is:

[root@test ~]#  env x='() { :;}; echo yes you are vulnerable' bash -c "echo testing finished"
yes you are vulnerable
testing finished

then you are affected. Please update bash to the latest version; on CentOS:

yum update bash

If you are already patched to the latest bash, you will get the reply below:

[root@test ~]#  env x='() { :;}; echo yes you are vulnerable' bash -c "echo testing finished"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
testing finished

For other distributions:

Ubuntu

10.04:
sudo apt-get --upgrade install bash

Latest Ubuntu releases:
sudo apt-get install --only-upgrade bash

Fedora

Fedora 19:
sudo curl -O https://kojipkgs.fedoraproject.org//packages/bash/4.2.48/2.fc19/x86_64/bash-4.2.48-2.fc19.x86_64.rpm
sudo rpm -U bash-4.2.48-2.fc19.x86_64.rpm

Fedora 20:
sudo curl -O https://kojipkgs.fedoraproject.org//packages/bash/4.2.48/2.fc20/x86_64/bash-4.2.48-2.fc20.x86_64.rpm
sudo rpm -U bash-4.2.48-2.fc20.x86_64.rpm
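
A package update only replaces the distribution's own bash binary, so a locally built copy elsewhere on the host can stay vulnerable. The script below is an added example, not part of the original post: it wraps the check above in a function and runs it against each bash listed in /etc/shells and the one on PATH (the function names and the /etc/shells lookup are assumptions).

```sh
#!/bin/sh
# Added example: run the page's probe against every bash on the host.

# check_bash PATH -> prints vulnerable | patched | unknown | missing
# Exit status: 0 patched, 1 vulnerable, 2 missing, 3 unknown.
check_bash() {
    [ -x "$1" ] || { echo missing; return 2; }
    # Same probe as above. A patched bash refuses to run the text after the
    # function body, so only "testing finished" reaches stdout.
    out=$(env x='() { :;}; echo yes you are vulnerable' \
          "$1" -c 'echo testing finished' 2>/dev/null) || true
    case $out in
        *"yes you are vulnerable"*) echo vulnerable; return 1 ;;
        *"testing finished"*)       echo patched;    return 0 ;;
        *)                          echo unknown;    return 3 ;;
    esac
}

# check_all: probe each bash listed in /etc/shells plus the one on PATH.
# The /etc/shells lookup is an assumption about where extra copies are registered.
check_all() {
    rc=0
    for b in $( { grep -s '^/.*/bash$' /etc/shells; command -v bash; } | sort -u ); do
        [ -x "$b" ] || continue
        verdict=$(check_bash "$b") || rc=1
        printf '%s\t%s\n' "$b" "$verdict"
    done
    return "$rc"
}

check_all || echo "at least one bash above is not confirmed patched" >&2
```

An "unknown" verdict means the binary printed neither line, so it should be inspected by hand rather than assumed safe.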

Simple, but worth saying 🙂
