
Linux Bash Vulnerability - Test and Solution

Bash Shell Security Vulnerability

There is an important vulnerability in the Bash shell on Linux that can make your server easily accessible to hackers. The test commands below show whether your bash is vulnerable to exploits. Please run both of them as root on your server.

===============================
1. Log into your server as root
2. Execute the following command:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

3. If the output is "this is a test", that means that your bash needs to be updated. Please refer to your specific OS below and update your system and bash to the latest version.
================================

and

================================
1. Log into your server as root
2. Execute the following command:

export dummy='() { :;}; echo "exploited"'

3. Enter the following command afterwards:
bash

4. If the output is "exploited", that means that your bash needs to be updated. Please refer to your specific OS below and update your system and bash to the latest version.
================================
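
The first manual check above, wrapped as a reusable script (an added example, not part of the original post): it keys on the marker word rather than on the test line, because "this is a test" is printed by the -c command whether or not bash is vulnerable, and it probes every bash listed in /etc/shells, since a package update only replaces the distribution's own copy. The function names and the use of /etc/shells are assumptions of this example.

```shell
#!/bin/sh
# Added example: run the env-variable probe against specific bash binaries
# and classify the captured output.

TESTLINE="this is a test"

# classify_output TEXT: print vulnerable, patched or inconclusive.
classify_output() {
    if ! printf '%s\n' "$1" | grep -qxF "$TESTLINE"; then
        echo "inconclusive"      # the -c command itself never ran
    elif printf '%s\n' "$1" | grep -qxF "vulnerable"; then
        echo "vulnerable"        # trailing command was executed during import
    else
        echo "patched"           # only the test line, plus any warnings
    fi
}

# check_bash PATH: probe one binary; stderr is captured so that the
# "ignoring function definition attempt" warnings are kept with the output.
check_bash() {
    cb_bin="${1:-/bin/bash}"
    if [ ! -x "$cb_bin" ]; then
        echo "not-found"
        return 0
    fi
    cb_out="$(env x='() { :;}; echo vulnerable' "$cb_bin" -c "echo $TESTLINE" 2>&1)"
    classify_output "$cb_out"
}

# scan_shells [FILE]: check every bash listed in a shells file
# (default /etc/shells) and print "path: result" for each one.
scan_shells() {
    grep -E '(^|/)bash$' "${1:-/etc/shells}" 2>/dev/null | while IFS= read -r ss_path; do
        printf '%s: %s\n' "$ss_path" "$(check_bash "$ss_path")"
    done
}

scan_shells
```

Run it once before and once after the update steps below; any binary still reported as vulnerable was not replaced by the package manager.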



==================================
Debian and Ubuntu

1. Log into your server as root
2. Execute the following command:

apt-get update && apt-get -y upgrade

3. Then rerun the bash test you ran earlier to see if your bash is still vulnerable. If the results are the same, run "apt-get install -y bash". If you are still exploited, please reply to this email and our staff will look into it right away.
4. You should see the following output if your server is patched:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

==================================

==================================
CentOS

1. Log into your server as root
2. Execute the following command:

yum clean all && yum update bash

3. Then rerun the bash test you ran earlier to see if your bash is still vulnerable. If you are still exploited, please reply to this email and our staff will look into it right away.
4. You should see the following output if your server is patched:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

==================================
