How to Protect your Server Against the Shellshock Bash Vulnerability
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
On each of your systems that run Bash, you may check for Shellshock vulnerability by running the following command at the bash prompt.
Commands:
env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
Ubuntu / Debian
sudo apt-get update && sudo apt-get install --only-upgrade bash
Or for CentOS / Red Hat / Fedora
sudo yum udate bash
Links for more info:
http://web.nvd.nist.gov/view/vuln/det...
http://web.nvd.nist.gov/view/vuln/det...
https://access.redhat.com/security/cv...
https://access.redhat.com/security/cv...
Test you websites:
http://shellshock.brandonpotter.com/
You can always Deploy an SSD cloud server in 55 seconds
with Digitalocean.
Anyone how use this link will receive $10 in hosting credit immediately after unlocking their account by adding a valid payment method.
Sign Up with this link
https://www.digitalocean.com/?refcode...
(affiliate, referral)
Watch video How to Protect your Server Against the Shellshock Bash Vulnerability online, duration hours minute second in high quality that is uploaded to the channel NixInPix 30 September 2014. Share the link to the video on social media so that your subscribers and friends will also watch this video. This video clip has been viewed 227 times and liked it 1 visitors.
