Patch the ‘Shellshock’ Vulnerability
September 2014
Your server might be vulnerable to a bug called Shellshock, which is a mistake in the code of a program called Bash, typically installed on Linux servers. The bug allows someone to send commands to computers which they should not have access to. This document contains instructions on how to manually check the vulnerability of your Linux server.
If you have any questions or need help checking your server, please e-mail us at support@simplyhosting.cloud or call us at 0345 259 1234 Monday through Friday between 8am – 6pm GMT.
Shellshock Vulnerability Manual Check
Follow the instructions below to determine if your server is vulnerable to Shellshock (you will need to repeat these steps for each of the Linux servers you might have):
Windows Server 2008 R2:
- Log into your server as root via SSH
2. Run the following command:
env x='() { :;}; echo vulnerable' bash -c "echo Shellshock"
A system affected by the bug should return the following:
vulnerableShellshock
On the other hand, a secure system should return the following:
bash:warning: x: ignoring function definition attemptbash: error importing function definition for ‘x’Shellshock
If your system is vulnerable, you can secure it by following the instructions below based on the Linux distribution on your server:
Ubuntu and Debian servers:
- Log into your server as root via SSH
- Run the command: apt-get update
- Now run the command: apt-get install bash
- Once this command has completed, rerun the above vulnerability test and you should see that your system is now secure
RedHat and CentOS servers:
- Log into your server as root via SSH
- Run the command: yum update bash
- Once this command has completed, rerun the above vulnerability test and you should see that your system now passes the vulnerability