Shellshock Bash Vulnerability Identified in VPS

I was informed by DigitalOcean that the Shellshock, with “破壳” named in Chinese, were identified in most of the Unix-alike systems. Well, it had raised my concerns when I read an article from Chinese sources yesterday so I’ve already patched the system and it is safe for 2 of my major VPS.

Vulnerability Identification: when I logged into the VPS shell, I used the command below:

env x='() { :;}; echo VulnerableCVE-2014-6271 ‘ bash -c “echo test”

If the VPS shell returned two lines of information, it means that system is vulnerable for this security issue.

VulnerableCVE-2014-6271
test

Shellshock-1

Applying Patches: it is really easy for applying security patches for this security issue, just run:

sudo apt-get update
sudo apt-get upgrade

and you are DONE!

Double check if we have a worry-free bash program:

Shellshock-2