Major Vulnerability discovered in Bash

As you may have already heard, Bash (the popular Linux and Unix shell) has a serious security problem that can cause trouble to your server(s) and any other Linux devices that you are using. According to Red Hat researchers, the severity of the bug can be classified as "catastrophic”. This is due to the fact that there are many possible ways to call Bash by an application. So this may allow attackers to upload files, execute commands, send spam and more.

bash-danger

There is an easy way to find out whether your system is vulnerable. You can simply check your system from a command line by typing:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable this is a test

If you run the above example with the patched version of Bash, you should get an output similar to:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Update to a patched version immediately!

If you are the administrator of a Linux server, then you should update your Bash version to a patched version immediately. An update for CentOS, Debian and Ubuntu has already been released. If you are running Debian or Ubuntu, executing ‘apt-get update’ and then ‘apt-get upgrade’ without quotes should fix the issue. If you are running CentOS executing ‘yum update’ should fix the issue. For more information regarding this issue please read all the available information here.