[4eyes] ShellShock vulnerability
John O'Donovan
jodmail at gmail.com
Fri Sep 26 15:53:40 PDT 2014
Hi All,
Following from Greta's email about the ShellShock vulnerability: If
you have a machine in the lab, it probably needs to be patched. I got
the following simple test procedure from Larry Zins:
"To see if you system is vulnerable, copy and paste the following
command into a bash shell:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If it returns 'vulnerable', your bash needs to be updated.
To upgrade bash in Ubuntu, can do:
apt-get update && apt-get install -only-upgrade bash
For CentOS/RedHat, can do:
yum update bash
And then test again."
Here is some more information that might be useful:
http://www.bbc.com/news/technology-29361794
and an official site with some info on patches for different platforms:
https://www.us-cert.gov/ncas/current-activity/2014/09/24/Bourne-Again-Shell-Bash-Remote-Code-Execution-Vulnerability
Thanks!
-John
--
John O'Donovan
Research Scientist
Department of Computer Science
University of California, Santa Barbara, CA 93106-5110
email: jod at cs.ucsb.edu
phone: (805)451-9342
web: http://cs.ucsb.edu/~jod
More information about the Ilab-users
mailing list