ShellShock – How do I patch it?

26th September, 2014 by

On 24/9/2014 a security flaw nicknamed ShellShock was announced in the widely used Bash shell. The defect potentially allows external users to execute shell commands remotely on Linux-based servers. The good news is that security patches are already available to be applied.

For a more detailed explanation of the security flaw please see Bash Vulnerability CVE-2014-6271.

Am I Vulnerable to Shell Shock?

To test if your VPS is still vulnerable to the issue you can run the following test.

Log on to your bash shell and execute the following command:

env m='() { :;}; echo Vulnerable - you need a patch ' bash

If your system has been patched you will see the following output and you can stop reading:

[~]# env m='() { :;}; echo Vulnerable - you need a patch ' bash
bash: warning: m: ignoring function definition attempt
bash: error importing function definition for `m'

If your system is unpatched you will see the following output and you will need to fix it:

[~]# env m='() { :;}; echo Vulnerable - you need a patch ' bash
Vulnerable - you need a patch

How Do I patch bash for Shell Shock

The good news is the vulnerability has already been patched and included in most major distributions.
To upgrade a RHEL/CentOS system you can run:

yum -y update bash

To update a Debian/Ubuntu system you can run:

sudo apt-get update && sudo apt-get install --only-upgrade bash

Then rerun the test above to make sure your system is patched.
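A scriptable form of the test above, as an added example that is not part of the original post: it runs the same payload with `bash -c` so the probe exits instead of opening a nested shell, and it checks every bash listed in /etc/shells, because a package update only replaces the packaged binary. The function names, the `scan` argument and the `probe-finished` sentinel are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): non-interactive ShellShock check.
MARKER='Vulnerable - you need a patch'   # same marker text as the page's test
DONE='probe-finished'                    # constructed sentinel: proves the shell really ran

# Classify the captured stdout of one probe run.
classify_output() {
    case "$1" in
        *"$MARKER"*) echo vulnerable;   return 1 ;;  # trailing command was executed
        *"$DONE"*)   echo patched;      return 0 ;;  # shell ran, payload was ignored
        *)           echo inconclusive; return 2 ;;  # shell did not run the probe at all
    esac
}

# Run the page's payload against one shell binary (default: bash found in PATH).
check_bash() {
    bin=${1:-bash}
    command -v "$bin" >/dev/null 2>&1 || { echo not-found; return 2; }
    # -c makes the shell exit after the probe instead of staying interactive;
    # stderr is dropped because a patched bash may print import warnings there.
    out=$(env m="() { :;}; echo $MARKER" "$bin" -c "echo $DONE" 2>/dev/null) || true
    classify_output "$out"
}

# Check every bash listed in /etc/shells plus the one found in PATH.
scan_shells() {
    rc=0
    for b in $( { grep -h '/bash$' /etc/shells 2>/dev/null; command -v bash; } | sort -u ); do
        verdict=$(check_bash "$b") || rc=1
        printf '%s\t%s\n' "$b" "$verdict"
    done
    return "$rc"
}

# Run as "sh thisfile scan" to print one line per bash binary.
if [ "${1:-}" = "scan" ]; then scan_shells; fi
```

A non-zero exit status from `scan_shells` means at least one binary was not reported as patched, which makes the script usable from cron or a configuration-management check.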

Delivery Manager

Daniel has been an evangelist for internet applications and infrastructure for over 15 years. A graduate of the university of Wollongong Computer Science department, he has delivered projects in complex applications ranging from Flight Center's corporate bookings engine to Macquarie Bank's equities trading platform.

When not at ServerMule Daniel can be found with his surfboard under his arm heading to the beach for a surf or encouraging his young son and daughter to get out there amongst the waves.
