Get your update against GNU Bash “SHELLSHOCK” vulnerability

attackers-exploit-shellshock-bug-showcase_image-2-a-7361

This is a very important announcement from FSF [Free Software Foundation]. I would like to share with you, readers, about the unnoticed vulnerability inside Bash [Bourne Again SHell]. Let’s have a look at FSF’s statement on this particular issue.

“A major security vulnerability has been discovered in the free software shell GNU Bash. The most serious issues have already been fixed, and a complete fix is well underway. GNU/Linux distributions are working quickly to release updated packages for their users. All Bash users should upgrade immediately, and audit the list of remote network services running on their systems.”

The vulnerability affects from version 1.14 through 4.3 of GNU Bash. This particular issue is named as Bash Bug.

What if I don’t update?
According to details available, a hacker could exploit this bash bug to remotely execute commands on your system with the help of some other manipulated environments. If you are connected to internet and bash is ypou default shell, then an attacker can send a malicious web request to access the system through bash since most of the web applications prevailing nowadays on internet are based on cgi-scripts which invokes different applications through shell. This will be a seriuos risk to internet infrastructure.

How to check for Vulnerable shell?
To determine if a GNU/Linux or Unix system is vulnerable, run the following command lines in your linux shell:

# env X=”() { :;} ; echo shellshock” /bin/sh -c “echo completed”
# env X=”() { :;} ; echo shellshock” `which bash` -c “echo completed”

If you see the words “shellshock” in the output, then you are at risk. Check for updates. . .

How can I get rid of Bash bug?
Many of the major operating system and GNU/Linux distribution vendors have released the new bash software versions, including Red Hat, Debian, Fedora and Ubuntu. If your system is vulnerable to bash bug, then you are highly recommended to upgrade your bash software package as soon as possible. Please share this information to all those who use GNU Bash. Sharing is also part of freedom, right?

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s