Skip to main content

Linux Bash Vulnerability - Test and Solution

Bash Shell Security Vulnerability

There is an important vulnerability in the Linux operating system Bash Shell that has the potential of making your server easily accessible to hackers. By running the test command below, you can see if your bash is vulnerable to exploits. Please run both commands below as root on your server to see if your system is vulnerable.

===============================
1. Log into your server as root
2. Execute the following command:

env x='() ; echo vulnerable' bash -c "echo this is a test"

3. If the output is "this is a test", that means that your bash needs to be updated. Please refer to your specific OS below and update your system and bash to latest version.
================================

and

================================
1. Log into your server as root
2. Execute the following command:

export dummy='() ; echo "exploited"'

3. Enter the following command afterwards:
bash

4. If the output is "exploited", that means that your bash needs to be updated. Please refer to your specific OS below and update your system and bash to latest version.
================================



==================================
Debian and Ubuntu

1. Log into your server as root
2. Execute the following command:

apt-get update && apt-get -y upgrade

3. Then run the test bash you ran earlier to see if your bash is still vulnerable. If the results are the same run "apt-get install -y bash". If you are still exploited, please reply to this email and our staff will look into it right away.
4. You should see the following command if your server is patched -

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

==================================

==================================
Centos

1. Log into your into server as root
2. Execute the following command:

yum clean all && yum update bash

3. Then run the test bash you ran earlier to see if your bash is still vulnerable. If you are still exploited, please reply to this email and our staff will look into it right away
4. You should see the following command if your server is patched -

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

==================================
Labels:

Comments

Post a Comment

Popular posts from this blog

Top Google Adsense Alternatives

Google Adsense is a web tool that allows publishers in the Google Network of content sites to automatically serve text, image, video, and rich media adverts that are targeted to site content and audience. These adverts are administered, sorted, and maintained by Google, and they can generate revenue on either a per-click or per-impression basis.  Google servers advertisers using google adwords platform, while adsense is the publishers platform. Google Adsense is the top Ad Publishers platform over the web ranking number one in web advertising industry. Adsense offers contextual advertisements that covers web sites, blogs, games, videos, mobile browsing etc. What made Google Adsense no. 1 is the reliability, stability, variety of services and large number of publishers including google it self. Also google has a fair platform that detects invalid clicks so google successfully protects its advertisers and also offers its best publishers top CPC. Two reasons are behind people think
11 comments
Read more

CFLDAP Add Active Directory User to a Group

I was trying to add a user to a group and had lots of code formatting etc. I was unable to find a straightforward code to help me. I have prepared the below code to help you using CFLDAP and also I will give you an alternative way using the dsmod command line. Lets start first with the CFLDAP: Now lets add an active directory user to a group using command line: When I wrote the above code I added a bulk list of users to a certain Active Directory group. Sometimes the CFLDAP failed so in the cfcatch I called the dsmode using the cfexecute. Why? Some of the user CN names contained special characters like 'bracket (' this caused an error when using the cfldap to add users to the groups so I had to use the cfexcute which succeeded.
Post a Comment
Read more

ERROR: cross-database references are not implemented

You face this error while trying to query two tables from difference databases in Postgres, as Postgress is unlike SQL Server, you can't join two tables from different databases. Instead you may have One Database with Two different Schemas . Schemas group your data tables separately and give you the flexibility to query and join tables from across schemas in the same Database. So if you have DB1 and DB2, you need to move the tables in DB2 to DB1 but in a new schema. If you are using the public schema in DB2 you need to change the name:   alter schema public rename to new_schema_name ; create schema public ;   Now Backup your Schema: $ pg_dump --format custom --file "my_backup" --schema " new_schema_name " "db2" $ pg_restore --dbname "db1" "my_backup" Your Done. If you have any question please let me know.
Post a Comment
Read more