1. Technical

Information on CVE-2014-6271 and CVE-2014-7169 Bash Vulnerabilities (Shell Shock)

Written by Posted on Less than 0 min read
0

On September 24th, a vulnerability was reported in the GNU Bourne-Again-Shell (BASh, or Bash), specifically a flaw with how Bash processes values of environment variables, that allows remote code execution of varying types in many common configurations. The overall risk is severe due to bash being configured for use, by default, on most Linux servers.

While Liquid Web immediately began working to proactively patch this vulnerability, some servers may remain vulnerable depending on their update settings or other unforeseen intervening factors. Thus, we’ve provided the instruction below.

To Summarize:

  • This flaw exploits Bash, a Unix command-line shell run by default on most Linux servers.
  • Allows for remote code execution, and many types of command-line based attacks.
  • A patch is available, and your server can be easily updated.
  • We have tutorials on How to Update Bash on Red Hat and CentOS and How to Update Bash on Debian and Ubuntu.
  • Test the vulnerability of your server with the information below.

The National Cyber Awareness System describes the issue as follows:

GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271.

Again, have tutorials on How to Update Bash on Red Hat and CentOS and How to Update Bash on Debian and Ubuntu.

Additional information on CVE-2014-6271 Bash Vulnerability can be found here.

Additional information on CVE-2014-7169 Bash Vulnerability can be found here.

Ubuntu specific information can be found here.

Red Hat specific information can be found here.

CentOS specific information can be found here.

Check Whether Your Server is Vulnerable

Check whether or not your server is vulnerable by running the following (safe to run) code:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If your server isn’t vulnerable, then the following will be displayed:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
hello

If your server is vulnerable, then the following will be displayed:

vulnerable
hello

Proceed to our tutorials on How to Update Bash on Red Hat and CentOS and How to Update Bash on Debian and Ubuntu.

Want to Try This Tutorial?

Launch a Free* Storm Server

*For new customers only

<!– –><!– –>

Thank you. Your request has been submitted and we’ll be sending you a $75 Storm coupon shortly!

Member since

More from admin

VipsPMV1.2
  1. Technology

Affordable and Flexible Project Management Suite

Overview VipsPM – Project Management Suite is a Powerful web-based Application. VipsPM is a perfect tool to fulfill all your project management needs like managing Projects, Tasks, Defects, Incidents, Timesheets, Meetings, Appointments, Files, Documents, Users, Clients, Departments, ToDos, Project Planning, Holidays and Reports. It has simple yet efficient layout will make managing projects easier than […]
Written by
  1. Technology

Upgrade Your Self Managed Ubuntu 12.04 HWE Kernel in Liquid Web US Central Zone B

It is highly recommended that you take an image of your existing server prior to following these instructions. Doing so will ensure that if something unexpected occurs, you will be able to restore your server from the backup image. For instructions on creating a backup image from the Manage interface please visit:http://www.liquidweb.com/kb/creating-storm-server-images/http://www.liquidweb.com/kb/restoring-a-storm-server-from-an-image/ Pre-Flight Check As […]
Written by
  1. Blog
  2. Blogging Tips
  3. Technical
  4. Technology

IPAGE REVIEW (The best domain and hosting company)

Most entrepreneurs feel that purchasing an extravagant domain name assurances traffic and recognition of their site. Despite, it is not difficult to get a cheap domain name that is equally trustworthy; particularly when you decide to utilize 1&1. Before enlisting a cheap domain name, it is important to distinguish the name of your domain. When […]
Written by
  1. Technical
  2. Technology
  3. Technology Trends

How to Customize Ubuntu’s Unity Launcher for Different Workspaces Using Unity LauncherSwitcher

There are times when you’re working on multiple tasks in parallel. For example, I have been recently working on reviewing lightweight web browsers for Linux and researching on Smart Credit Cards besides doing my regular work. Although I use different workspaces for different tasks, the problem that I usually face is that the app icons […]
Written by
Next
No Comments
Leave a comment
Comments to: Information on CVE-2014-6271 and CVE-2014-7169 Bash Vulnerabilities (Shell Shock)

Recent Articles

Good Reads

How to Recognize the Quality and Purity of Groundnut Oil

Unlock the Secrets to Identifying High-Quality and Pure Groundnut Oil

Groundnut oil is a popular choice⁤ for cooking⁢ in many households due to ‍its ⁤versatility and health benefits. However, it is important to ensure that the groundnut oil you are⁣ using is of high quality and purity. In this guide, we will discuss simple and practical ways to identify top-notch groundnut oil for cooking, including […]
Written by
lar

Discover Inner Peace: The Spiritual and Healing Benefits of Wearing Larimar

Larimar ‍is​ a ⁣stunning blue gemstone found exclusively in the Dominican Republic, known for ⁤its remarkable spiritual and‌ healing properties as well as its beauty. This captivating stone has long been associated with inner peace, emotional balance, and tranquility due​ to its intricate patterns reminiscent of the ocean and its serene shades of blue. The […]
Written by

Worlwide

VipsPMV1.2

Affordable and Flexible Project Management Suite

Overview VipsPM – Project Management Suite is a Powerful web-based Application. VipsPM is a perfect tool to fulfill all your project management needs like managing Projects, Tasks, Defects, Incidents, Timesheets, Meetings, Appointments, Files, Documents, Users, Clients, Departments, ToDos, Project Planning, Holidays and Reports. It has simple yet efficient layout will make managing projects easier than […]
Written by
How to Recognize the Quality and Purity of Groundnut Oil

Unlock the Secrets to Identifying High-Quality and Pure Groundnut Oil

Groundnut oil is a popular choice⁤ for cooking⁢ in many households due to ‍its ⁤versatility and health benefits. However, it is important to ensure that the groundnut oil you are⁣ using is of high quality and purity. In this guide, we will discuss simple and practical ways to identify top-notch groundnut oil for cooking, including […]
Written by
lar

Discover Inner Peace: The Spiritual and Healing Benefits of Wearing Larimar

Larimar ‍is​ a ⁣stunning blue gemstone found exclusively in the Dominican Republic, known for ⁤its remarkable spiritual and‌ healing properties as well as its beauty. This captivating stone has long been associated with inner peace, emotional balance, and tranquility due​ to its intricate patterns reminiscent of the ocean and its serene shades of blue. The […]
Written by
lar

Discover Inner Peace: The Spiritual and Healing Benefits of Wearing Larimar

Larimar is a stunning⁤ blue gemstone‌ found exclusively in the Dominican Republic, known ⁣for its remarkable spiritual and healing properties as well as its beauty. This‌ captivating stone has​ long been associated with inner ​peace, emotional ‌balance, ⁤and ⁢tranquility due to its intricate patterns reminiscent of the ocean and its serene ​shades‌ of blue. The […]
Written by

Trending

A Walk Through The Tucson Bead Show-665623f6

Turquoise Gemstone Jewelry Collection – Rananjay Exports

Turquoise Jewelry is one of the ancient healing stones used for personal adornment and astrological benefits. The rare greenish blue-colored pectolite is celebrated for its enchanting powers among many crystal lovers. It is a hydrated phosphate of copper and aluminum that ranks 5 to 6 on the Mohs hardness scale. It is deemed a protective […]
Written by