Sep
27

new-__bash__-software-bug-mayUnless you’ve been under a rock for the last few days you’ve probably heard about the new Bash exploit (CVE-2014-6271) ‘ShellShock’ that allows remote code execution through bash, because of the amount of servers and applications using the bash service it’s a fairly big deal in the security world.

Here’s a few simple commands to get your CentOS servers patched, please for your sake do this ASAP.

# Check if vulnerable
env x='() { :;}; echo Vulnerable system'  bash -c "echo Testing..."
 Vulnerable system
 Testing...
#
# If you need to access the web via a proxy, add that here.
nano ~/.bash_profile
export http_proxy=http://192.168.1.123:3128
# Apply the patch
yum update bash -y
# Remove proxy (if used
nano ~/.bash_profile
# export http_proxy=http://192.168.1.123:3128
# Check if vulnerable
env x='() { :;}; echo Vulnerable system'  bash -c "echo Testing..."
 Testing...
#

Any problems or questions, please leave a comment.


You can leave a response, or trackback from your own site.

Leave a Reply

Our Sponsors