X

Shellshock Bash bug attack: what do you need to do?

On Wednesday 24th September, 2014, The Red Hat security group released an important vulnerability announcement for bash. The security flaw, coined ‘Shellshock’, allows malicious code execution within the bash shell to take over an operating system and access confidential information. Additionally, Red Hat has warned that many programs that run bash shell in the background, with the bug being triggered when extra code is added within the lines of bash code.

As with any security vulnerability of this kind, 123-reg has worked proactively to reduce risks for customers. All 123-reg infrastructure and shared web hosting services were patched on Wednesday, as soon as the initial vulnerability was announced. Furthermore, all 123-reg infrastructure and shared web hosting services were patched again on Friday (26.09.14), once updates for CVE-2014-7169 became available. Customers on shared web hosting packages do not need to do anything as we have secured your services.

Our teams have been monitoring the situation closely to ensure patches are effective and we have not been compromised.

Cloud Servers, VPS and Dedicated Servers

As these services are un-managed by us and as such customers will need to secure their own services and should follow the below steps:

Centos & Fedora use bash by default and should be updated.

yum -y update bash

rpm -q –changelog | grep –B1 –A1 CVE-2014-7169

This should return something like:

‘Thu Sep 25 2014 Ondrej Oprala <ooprala@redhat.com> – 4.1.2-15.2’

CVE-2014-7169

Resolves: #1146322

We advise customers that have successfully updated to reboot the server to make sure that there are no vulnerable invocations of bash running.

Ubuntu & Debian may not use bash by default however they should still be patched as bash is likely to be installed.

apt-get update && apt-get install –only-upgrade bash

Once you have successfully updated we recommend that you reboot the server to make sure that there are no vulnerable invocations of bash running.

You can check whether your system is affected by typing the following at the command line:

 

env ‘x=() { :;}; echo vulnerable’ ‘BASH_FUNC_x()=() { :;}; echo vulnerable’ bash -c “echo test”

Should your system be vulnerable, the echo-value “vulnerable” is reproduced.

Please note that there may be no patches available for older end of life Linux distributions.

123-reg takes security vulnerabilities of this kind very seriously and our security teams have worked to apply patches and fixes where necessary. We also recommend that customers keep their passwords up to date and install the latest versions of third party applications including WordPress and Joomla. Of course, we are always here to advise and help so if you do have a question regarding this, simply get in touch here.

For more information regarding this security vulnerability please visit: https://access.redhat.com/articles/1200223

Thomas Costello:
Related Post