
BASH Vulnerability - please check your servers!

Discussion in 'Web Hosting' started by fatboy, Sep 25, 2014.

  1. fatboy

    I know most people have probably heard of the BASH flaw that could allow people to run code on your server using freely available PoC that is floating about the internet right now. The bug is 22 years old but has only just been found.

    I have a post on my blog on how to find out if you have a vulnerable version or not and what to do. Here is the link: http://autoim.net/bash-the-22-year-old-vulnerability/

    If you don't want to go to the site to read a bit more, this is the bit you need:

    1. Log into your server and at a command line, run this:
    Code:
    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    2. If the output from that command is:
    Code:
    vulnerable
    this is a test
    
    then your BASH is vulnerable and you need to update BASH as soon as possible!!

    FB
     
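Added example, not part of the thread or any poster's code: the probe from the post above wrapped in a function, so it can be run against every bash binary on a host rather than only the one your login shell resolves to. The function names and the list of candidate paths are assumptions made for this example.

```shell
#!/bin/sh
# check_bash BINARY
# Prints "vulnerable", "patched" or "missing" and returns 1, 0 or 2.
check_bash() {
    local bin="$1" out
    if [ ! -x "$bin" ]; then
        echo "missing"
        return 2
    fi
    # Same probe as in the post: a function definition with a trailing
    # command, passed in environment variable x. stderr is discarded
    # because some patched builds print a warning about x.
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo this is a test' 2>/dev/null)
    # A vulnerable bash runs the trailing command while importing x, so
    # "vulnerable" shows up as a line of its own before the test line.
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        echo "vulnerable"
        return 1
    fi
    echo "patched"
    return 0
}

# check_all
# Probes each distinct bash found at the candidate paths (assumed common
# install locations) and returns 1 if any of them is vulnerable.
check_all() {
    local bin result status=0 seen=":"
    for bin in "$(command -v bash)" /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        [ -x "$bin" ] || continue
        case "$seen" in *":$bin:"*) continue ;; esac
        seen="$seen$bin:"
        result=$(check_bash "$bin") || status=1
        printf '%-24s %s\n' "$bin" "$result"
    done
    return "$status"
}

check_all || echo "at least one bash binary is vulnerable: update bash"
```

A `patched` result covers only this one probe. As a later reply in the thread notes, the first fix shipped by distributions was incomplete, so confirm the installed package includes the follow-up fix as well.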
  2. SharkServers

    Upgraded on all our servers immediately once the news about this vulnerability came to light - have to keep the data of my clients secure.

    Glad to see someone following the security announcements :)
     
  3. ugjunk

  4. HostSailor

    Yes, thanks for this information. We already upgraded/updated our servers.
     
  5. Arbvestor

    Just so you know: The first fix that was sent out by the big Linux distributions did not fix the problem (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169) in full. There is now a second fix available for a related problem (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271). Please make sure your servers are protected, since there are attacks currently going on using both vulnerabilities.
     
  6. HostStage
