Security Issue bash : ShellShock CVE-2014-6271 and CVE-2014-7169 -> PATCHED! | HostStage .

29 Sep

A couple of days ago, two severe security vulnerabilities, collectively called ShellShock, were disclosed. The issue is in the bash package and affects all Red Hat based OSes (including CentOS), Debian, Ubuntu and Fedora.

At HostStage, we took the problem very seriously and deployed updates throughout our whole network. All our servers were patched immediately, and then updated a second time when a second injection vulnerability was discovered.

Finally, given the criticality of the situation, we also decided to patch all our customers' servers. Managed cPanel servers were included by default, of course, but exceptionally we extended the patching to all OSes, and we did it manually for the most part.

Shared web hosting accounts were patched during our infrastructure update. 

We have updated all Linux VPS and dedicated servers. Owners of servers we weren't able to update, due to a password issue or because of the inconvenience the update could have caused, should have received an email with the details needed to perform the bash update.

Windows VPS weren’t impacted by Shellshock. 

If you have other servers that aren't hosted by HostStage, you can test whether they are vulnerable with the commands below:

TEST OF CVE-2014-6271:

env var='() { ignore this;}; echo vulnerable' bash -c /bin/true

If this command prints "vulnerable", your server needs to be patched; scroll down to find how to fix the vulnerability.

TEST OF CVE-2014-7169: 

cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echo

If this command returns the output below, you need to apply the update steps further down:

bash: x: line 1: syntax error near unexpected token `='
bash: x: line 1: `'
bash: error importing function definition for `x'
Fri Sep 26 11:49:58 GMT 2014

You should also be able to see a file named echo in /tmp (cat /tmp/echo).
If it returns the following instead, your server is patched and up to date:

cat: /tmp/echo: No such file or directory
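
The two tests above can be wrapped into a script that reports one result per CVE instead of relying on reading the output by eye. This is an added example, not HostStage's own tooling; the function names and the vulnerable/patched/error labels are chosen here, and the second check runs in a private mktemp directory rather than /tmp.

```shell
#!/usr/bin/env bash
# Added example: local Shellshock self-check built from the two tests above.
# Function names and result labels are this example's own (hypothetical).

# CVE-2014-6271: a vulnerable bash executes the code that trails the function
# definition while importing the variable, so "vulnerable" appears on stdout.
check_6271() {
    local bash_bin=$1 out
    [ -x "$bash_bin" ] || { echo error; return 2; }
    out=$(env var='() { ignore this;}; echo vulnerable' "$bash_bin" -c true 2>/dev/null) || true
    case $out in
        *vulnerable*) echo vulnerable ;;
        *)            echo patched ;;
    esac
}

# CVE-2014-7169: after the syntax error a vulnerable bash keeps the trailing
# ">\" and runs ">echo date", which creates a file named "echo" in the
# working directory. A private temp directory keeps the check out of /tmp.
check_7169() {
    local bash_bin=$1 dir result
    [ -x "$bash_bin" ] || { echo error; return 2; }
    dir=$(mktemp -d) || { echo error; return 2; }
    ( cd "$dir" && env 'x=() { (a)=>\' "$bash_bin" -c "echo date" ) >/dev/null 2>&1 || true
    if [ -e "$dir/echo" ]; then result=vulnerable; else result=patched; fi
    rm -rf "$dir"
    echo "$result"
}

# Report both results for one binary; returns non-zero unless both are "patched".
shellshock_report() {
    local bash_bin=${1:-$(command -v bash)} r1 r2
    r1=$(check_6271 "$bash_bin") || true
    r2=$(check_7169 "$bash_bin") || true
    echo "$bash_bin CVE-2014-6271=$r1 CVE-2014-7169=$r2"
    [ "$r1" = patched ] && [ "$r2" = patched ]
}
```

Source the file and run shellshock_report /bin/bash; a missing or non-executable path is reported as error rather than as patched.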

Below are the steps to update the bash package for each Linux distribution:

CentOS: 

yum clean all && yum update bash -y


Ubuntu 11.10:

sudo sed -i 's/oneiric/trusty/g' /etc/apt/sources.list && sudo apt-get update && sudo apt-get install bash -y

Ubuntu 12.10:

sudo sed -i 's/quantal/trusty/g' /etc/apt/sources.list && sudo apt-get update && sudo apt-get install bash -y

Ubuntu 13.10:

sudo sed -i 's/saucy/trusty/g' /etc/apt/sources.list && sudo apt-get update && sudo apt-get install bash -y


Other Ubuntu Version: 

1) Get the codename of your Ubuntu distribution by typing the following command:

lsb_release -a

Which should give you the output below :

No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu X.X
Release: X.X
Codename: <codename>

2) Then type the command below, replacing <codename> with your codename (without the < and >):

sudo sed -i 's/<codename>/trusty/g' /etc/apt/sources.list && sudo apt-get update && sudo apt-get install bash -y

Debian 6 Squeeze:

echo 'deb http://ftp.us.debian.org/debian squeeze-lts main non-free contrib' > /etc/apt/sources.list

apt-get update

apt-get install bash

Debian 7 Wheezy:

echo 'deb http://security.debian.org/ wheezy/updates main contrib non-free' > /etc/apt/sources.list

apt-get update

apt-get install bash
