1. Technical

Information on CVE-2014-6271 and CVE-2014-7169 Bash Vulnerabilities (Shell Shock)

On September 24th, a vulnerability was reported in the GNU Bourne-Again-Shell (BASh, or Bash), specifically a flaw with how Bash processes values of environment variables, that allows remote code execution of varying types in many common configurations. The overall risk is severe due to bash being configured for use, by default, on most Linux servers.

While Liquid Web immediately began working to proactively patch this vulnerability, some servers may remain vulnerable depending on their update settings or other unforeseen intervening factors. Thus, we’ve provided the instruction below.

To Summarize:

  • This flaw exploits Bash, a Unix command-line shell run by default on most Linux servers.
  • Allows for remote code execution, and many types of command-line based attacks.
  • A patch is available, and your server can be easily updated.
  • We have tutorials on How to Update Bash on Red Hat and CentOS and How to Update Bash on Debian and Ubuntu.
  • Test the vulnerability of your server with the information below.

The National Cyber Awareness System describes the issue as follows:

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Again, have tutorials on How to Update Bash on Red Hat and CentOS and How to Update Bash on Debian and Ubuntu.

Additional information on CVE-2014-6271 Bash Vulnerability can be found here.

Additional information on CVE-2014-7169 Bash Vulnerability can be found here.

Ubuntu specific information can be found here.

Red Hat specific information can be found here.

CentOS specific information can be found here.

Check Whether Your Server is Vulnerable

Check whether or not your server is vulnerable by running the following (safe to run) code:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If your server isn’t vulnerable, then the following will be displayed:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
hello

If your server is vulnerable, then the following will be displayed:

vulnerable
hello

Proceed to our tutorials on How to Update Bash on Red Hat and CentOS and How to Update Bash on Debian and Ubuntu.

Want to Try This Tutorial?

Launch a Free* Storm Server

*For new customers only

<!– –><!– –>

Thank you. Your request has been submitted and we’ll be sending you a $75 Storm coupon shortly!

No Comments
Comments to: Information on CVE-2014-6271 and CVE-2014-7169 Bash Vulnerabilities (Shell Shock)

Recent Articles

Good Reads

The retail industry is ‍currently undergoing a significant transformation as brands strive ‌to find new and innovative ways to engage customers across multiple channels. This has led to the emergence of headless platforms in retail, a cutting-edge approach that separates the front end from the back end. This allows retailers to create custom, highly ‌responsive […]
Let’s talk about teeth. Yep, those shiny little soldiers in your mouth that help you chew, talk, and make goofy faces in the mirror. Now, you might not think about it, but those teeth are under attack every day. No, not from aliens or monsters, but from something far sneakier: cavities. They love sugar, sneak […]

Worlwide

Overview VipsPM – Project Management Suite is a Powerful web-based Application. VipsPM is a perfect tool to fulfill all your project management needs like managing Projects, Tasks, Defects, Incidents, Timesheets, Meetings, Appointments, Files, Documents, Users, Clients, Departments, ToDos, Project Planning, Holidays and Reports. It has simple yet efficient layout will make managing projects easier than […]
The retail industry is ‍currently undergoing a significant transformation as brands strive ‌to find new and innovative ways to engage customers across multiple channels. This has led to the emergence of headless platforms in retail, a cutting-edge approach that separates the front end from the back end. This allows retailers to create custom, highly ‌responsive […]
Let’s talk about teeth. Yep, those shiny little soldiers in your mouth that help you chew, talk, and make goofy faces in the mirror. Now, you might not think about it, but those teeth are under attack every day. No, not from aliens or monsters, but from something far sneakier: cavities. They love sugar, sneak […]
Gemstones have been a source of fascination for centuries due to their unique colors, properties, and potential to influence emotions and energy. In addition to their aesthetic value, gemstones have been highly regarded by many cultures for their alleged ability to attract positive energy and prosperity. This article​ will discuss the ⁤arrangement of different gemstones […]

Trending

Turquoise Jewelry is one of the ancient healing stones used for personal adornment and astrological benefits. The rare greenish blue-colored pectolite is celebrated for its enchanting powers among many crystal lovers. It is a hydrated phosphate of copper and aluminum that ranks 5 to 6 on the Mohs hardness scale. It is deemed a protective […]
Singapore is recognised globally as a prime destination for foreign investors. Its business structure is well-developed, and its tax system is favourable to business owners. The government has a strong support system for entrepreneurs and provides legal protection for intellectual property rights. All of these conditions create an environment that is ideal for Singapore company […]
2020 has been a year that represents aggressive and sustained volatility with a confluence of unexpected situations, including economic shifts and market disturbance confluence. The COVID-19 pandemic forces businesses to adjust their methods of operations to ensure survival. These adjustments become the trajectory and guidance of what 2021 should look like and what companies should […]
COVID-19 pandemic has affected Thailand’s economy and labor market. World Bank’s Thailand Economic Monitor predicted that it would take Thailand over two years to return to its pre-COVID-19 growth and domestic product output levels. Although the country has successfully curbed the pandemic tide over the last few months, the economy remains severely hit. Nevertheless, heavily […]