Linux Hosting

how to identify and defend against the Bash Shellshock vulnerability

2 min read
In this article, we will explain how to identify and defend against a long-standing security vulnerability in GNU Bash, known as Shellshock or Bash bug for short. The vulnerability allows an attacker to execute code commands according to specific parameters by sending a short line of code, thereby bypassing server security restrictions. Since Bash is present in every Linux, BSD, and Mac OSX system, computers that do not upgrade their Bash software are at risk. The Bash bug allows hacking into any system that runs applications and services that enable any connection to a Bash work environment. Several systems that can be hacked through:
  • Apache, which uses CGI, through mod_cgi and mod_cgid, which are written in Bash or run Bash subshells.
  • Some DHCP software.
  • OpenSSH servers that use ForceCommand.
  • Other network software that uses Bash.
Additional information can be found here: CVE-2014-6271 and CVE-2014-7169. Given that this vulnerability is even more widespread than the OpenSSH Heartbleed vulnerability, and also much easier to exploit, it is highly recommended that you check and update your personal computer. Below, we will explain how to check for and block the vulnerability, if present, and how to update your Bash software and remove the vulnerability.  

Checking the system

On any system running Bash, you can run the following under bash:  

env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

  The part that says "Bash is vulnerable!" represents the part where the hacker could inject malicious code into the system. Therefore, if the result is:  

Bash is vulnerable! Bash Test

Your system is at risk! Therefore, if the result does not display this line, then the server is not vulnerable to the exploit.  

Remote website testing

You can run this test to check if there is a security breach through your website: Tool for testing ShellShock' Bash Vulnerability CVE-2014-6271  

Fixing the breach: Updating Bash

The quickest and easiest way is to update via your package manager (apt-get, yum). We will only review Debian, Ubuntu, Red-Hat, Centos, and Fedora. Debian/Ubuntu: apt-get

sudo apt-get update && sudo apt-get install --only-upgrade bash

CentOS/RedHat/Fedora: yum

sudo yum update bash

It is important to remember to do this for all of your servers. Now you can check again to see if the vulnerability still exists. Good luck!
Previous post
creating a standing order in the customer interface
to set up a standing order, log in to the billing interface with your username and password. If you have forgotten your password, you can recover it by clicking "Recover Password" on the login screen. Your username is the customer number you received when you registered.
Next post
virtual servers for small and medium-sized businesses
for many small and medium-sized businesses seeking to develop a high-quality and effective online presence, virtual servers for businesses are the ultimate website hosting solution. This type of hosting offers a high level of professionalism and reliability, flexibility...

2026 © Linux Hosting - Web Hosting since 2011