September 25, 2014

Shell Shock Bash Security Issue

A serious security issue has been found in the Bash Command Interpreter on Linux and Unix systems.

This issue could allow someone to remotely gain control of a server or PC running Linux or Unix.

Elive have audited all systems already and servers have been verified patched except for 2 older legacy servers that are in the process of being de-commissioned. These servers have no client facing services that could allow a successful attack, and we had planned to have these removed from our network within the next 2 weeks anyway.

If you have a dedicated or virtual server with us running Linux, we recommend you immediately login and update bash, if installed.

To test if you are vulnerable, run the following:

env X="() { :;} ; echo Vulnerable" `which bash` -c "echo completed"

If the result is a display of the word Vulnerable, then update bash immediately
On Centos/Redhat, run the command :
yum update bash

Then rerun the test above to verify that you are patched.

If you need assistance, please contact us on support@elive.net

More info here http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271