I was informed by DigitalOcean that the Shellshock, with “破壳” named in Chinese, were identified in most of the Unix-alike systems. Well, it had raised my concerns when I read an article from Chinese sources yesterday so I’ve already patched the system and it is safe for 2 of my major VPS.
Vulnerability Identification: when I logged into the VPS shell, I used the command below:
env x='() { :;}; echo VulnerableCVE-2014-6271 ‘ bash -c “echo test”
If the VPS shell returned two lines of information, it means that system is vulnerable for this security issue.
VulnerableCVE-2014-6271
test
Applying Patches: it is really easy for applying security patches for this security issue, just run:
sudo apt-get update
sudo apt-get upgrade
and you are DONE!
Double check if we have a worry-free bash program:
27/09/2014
Shellshock Bash Vulnerability Identified in VPS
By dch1 in Web Log No Comments
I was informed by DigitalOcean that the Shellshock, with “破壳” named in Chinese, were identified in most of the Unix-alike systems. Well, it had raised my concerns when I read an article from Chinese sources yesterday so I’ve already patched the system and it is safe for 2 of my major VPS.
Vulnerability Identification: when I logged into the VPS shell, I used the command below:
If the VPS shell returned two lines of information, it means that system is vulnerable for this security issue.
Applying Patches: it is really easy for applying security patches for this security issue, just run:
and you are DONE!
Double check if we have a worry-free bash program: