warning

Bash Critical Vulnerability – Check now!

September 25th, 2014 by

There has been a critical vulnerability found in Bash. The vulnerability affects Linux/Unix distributions that use or have Bash installed.

For additional information on this vulnerability please click here. 

We advise all our clients to keep their servers & software updated constantly to make sure their servers are at minimal risk of potential vulnerabilities. For this particular vulnerability we recommend reading the following links and taking action as soon as possible:

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

https://access.redhat.com/articles/1200223

To test if your version of Bash is vulnerable, run the following command:

$ env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”

If the output of the above command looks as follows:

vulnerable
this is a test

You are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function.

If you run the above example with the patched version of Bash, you should get an output verifying you are not vulnerable:

$ env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test

Please contact our support team on support@uk2.net if you would like any help in applying the patch or have further questions about this vulnerability.

  • Share this post

2 cropped

#MyUK2: Ross MacGillivray

Banner

Expert Insights: Dotun Olowoporoku

Leave a Response