
Linux Bash Vulnerability - Test and Solution

Bash Shell Security Vulnerability

There is an important vulnerability in the Linux operating system Bash Shell that has the potential of making your server easily accessible to hackers. By running the test command below, you can see if your bash is vulnerable to exploits. Please run both commands below as root on your server to see if your system is vulnerable.

===============================
1. Log into your server as root
2. Execute the following command:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

3. If the output is "this is a test", that means that your bash needs to be updated. Please refer to your specific OS below and update your system and bash to the latest version.
================================

and

================================
1. Log into your server as root
2. Execute the following command:

export dummy='() { :;}; echo "exploited"'

3. Enter the following command afterwards:
bash

4. If the output is "exploited", that means that your bash needs to be updated. Please refer to your specific OS below and update your system and bash to the latest version.
================================



==================================
Debian and Ubuntu

1. Log into your server as root
2. Execute the following command:

apt-get update && apt-get -y upgrade

3. Then rerun the bash test you ran earlier to see if your bash is still vulnerable. If the results are the same, run "apt-get install -y bash". If you are still exploited, please reply to this email and our staff will look into it right away.
4. You should see the following output if your server is patched:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

==================================

==================================
CentOS

1. Log into your server as root
2. Execute the following command:

yum clean all && yum update bash

3. Then rerun the bash test you ran earlier to see if your bash is still vulnerable. If you are still exploited, please reply to this email and our staff will look into it right away.
4. You should see the following output if your server is patched:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

==================================
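
The test and update steps above can be scripted. The following is an added example, not part of the original post: it runs the first test non-interactively against each bash binary it finds and prints the matching update command from this page. The function names and the list of candidate paths are assumptions; a line consisting only of "vulnerable" is treated as the sign that bash executed the command trailing the function definition.

```shell
#!/bin/sh
# Added example: scripted form of the page's first test (names are illustrative).

# Classify captured test output. "vulnerable" on a line of its own means bash
# executed the text trailing the function definition while importing x.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$1" | grep -q 'this is a test'; then
        echo patched      # covers both the silent and the "warning:" variants
    else
        echo error        # the binary did not run the test at all
    fi
}

# Run the test against one bash binary and print its classification.
check_bash() {
    [ -x "$1" ] || { echo error; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>&1) || true
    classify_output "$out"
}

# Map an /etc/os-release ID to the update command given on this page.
update_command() {
    case "$1" in
        debian|ubuntu) echo 'apt-get update && apt-get -y upgrade' ;;
        centos)        echo 'yum clean all && yum update bash' ;;
        *)             echo '' ;;
    esac
}

# Check every bash in the usual locations (assumed paths); a package update
# only replaces the packaged copy, so hand-built copies need their own check.
scan_system() {
    os_id=''
    [ -r /etc/os-release ] && os_id=$(. /etc/os-release && echo "$ID") || true
    for bin in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        [ -e "$bin" ] || continue
        result=$(check_bash "$bin")
        echo "$bin: $result"
        if [ "$result" = vulnerable ]; then
            echo "  update with: $(update_command "$os_id")"
        fi
    done
    return 0
}

scan_system
```

Run it as root after each update; a copy of bash that still reports "vulnerable" was not replaced by the package manager.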
