Linux
Sep 25, 2014
kalpesh
No Comments

[Fix] Linux Bash Code Injection Vulnerability – ShellShock

ShellShock is new Linux vulnerability affecting all versions of Bash package. This vulnerability is worse than HeartBleed! This command line vulnerability is present in Mac OS X too. Basically it’s there in all the systems having Bash, a software used to control the command line in Unix.

To test if you are vulnerable to ShellShock, run this command:

env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"

If you see output:

vulnerable
this is a test

that means you are vulnerable!

Fix for Redhat packages:

yum update bash

Fix for Ubuntu/Debian packages:

apt-get upgrade bash

After running above commands, check again to see if you are vulnerable:

env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"

If you see below output, that means you are no longer vulnerable

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Leave a comment

 

Welcome to my Blog

Kalpesh MehtaHelping Magento developers in their day-to-day development problems since 2011. Most of the problems and solutions here are my own experiences while working on different projects. Enjoy the blog and don't forget to throw comments and likes/+1's/tweets on posts you like. Thanks for visiting!

Certifications

Honor

Recognition

Magento top 50 contributors

Magento top 50 contributors

Contributions

Categories

Tag Cloud

500 internal server error admin answers attribute bug category checkbox checkout cookie customer difference domain name EAV error event extension interview invoice jquery linux magento magento2 magento admin magento error magento interview questions magento orm mysql observer order pinterest product products questions redirect register remove script session simplexml to array state status study guide tax url wordpress