Created
September 24, 2014 20:25
-
-
Save salcode/42ecd5e4fed1b9491e8f to your computer and use it in GitHub Desktop.
Updating Bash to Address CVE-2014-6271 with yum
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SSH into server | |
| # change to root account using `su` (if you're not already logged in as root) | |
| # Test for vulnerability | |
| env x='() { :;}; echo vulnerable' bash -c "echo this is a test" | |
| # If you see this output, you're not vulnerable and logout now | |
| # bash: warning: x: ignoring function definition attempt | |
| # bash: error importing function definition for `x' | |
| # this is a test | |
| # If you see this output, follow the steps below | |
| # vulnerable | |
| # this is a test | |
| yum update bash | |
| # if you don't have yum installed, you'll need to use | |
| # something like apt-get, which is outside my knowledge base | |
| # run the test again and confirm you are no longer vulnerable | |
| # Read More about vulnerability at | |
| # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ | |
| # https://access.redhat.com/articles/1200223\ | |
| # https://blog.cloudsecurityalliance.org/2014/09/24/worse-than-heartbleed/ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment