Bash Shellshock fix with scripts for Debian, Ubuntu, CentOS and other distros, including old

Rumi, October 3, 2014 / December 19, 2014

First, check whether your Bash is vulnerable by executing the following command:

    env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'

If your system is vulnerable, you will see:

    vulnerable
    this is a test

If your system is not vulnerable, you will see:

    bash: warning: x: ignoring function definition attempt
    bash: error importing function definition for `x'
    this is a test

To check for the vulnerability CVE-2014-6271, run the following in Bash:

    env X='() { (a)=>\' sh -c "echo date"; cat echo

If your system is vulnerable, you will see:

    bash: X: line 1: syntax error near unexpected token `='
    bash: X: line 1: `'
    bash: error importing function for `X'
    Sun Sep 08:17:32 EST 2014

If your system is not vulnerable, you will see:

    date
    cat: echo: No such file or directory

To test for the vulnerability CVE-2014-7186, run the following in Bash:

    bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"

If your system is not vulnerable, you will see:

    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')
    bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF')

So, let's start fixing it! Below, I've tried to collect various contributors' solutions in a single entry.

For Debian 6 (Squeeze)

Append this to your sources.list:

    deb http://http.debian.net/debian squeeze-lts main contrib non-free
    deb-src http://http.debian.net/debian squeeze-lts main contrib non-free

and then run:

    apt-get update
    apt-get install -t squeeze-lts --only-upgrade bash

For Redhat/CentOS:

Update bash using yum (or the package management utility appropriate for your distribution):

    yum update bash

On RedHat 5 (and CentOS 5), the following is the bash version after the update, which fixed the vulnerability.

    # rpm -qa | grep bash
    bash-3.2-33.el5_11.4

On RedHat 6 (and CentOS 6), the following is the bash version after the update, which fixed the vulnerability.

    # rpm -qa | grep bash
    bash-4.1.2-15.el6_5.2.x86_64

Wait! It's not over yet!

But above all, I found this excellent script from a Git contributor that really works on various Ubuntu and Debian distributions (even some old distros): deshellshock

Resource Links:

    http://www.thegeekstuff.com/2014/09/bash-shellshock-fix-cve-2014-7169/
    http://unix.stackexchange.com/questions/157787/legacy-debian-versions-and-bash-shellshock
    http://unix.stackexchange.com/questions/157414/how-to-only-install-security-updates-on-debian
    https://raw.githubusercontent.com/pbkwee/deshellshock/master/deshellshock.sh
    https://www.linode.com/docs/security/security-patches/patching-bash-for-the-shellshock-vulnerability
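The three checks at the top of this post can be wrapped as functions that classify each result from the output or exit status, which is handy for re-testing after an upgrade. This is an added example, not part of the original post or of deshellshock; the function names and the scratch-directory handling are its own assumptions, and it expects an absolute path to the bash binary.

```shell
#!/bin/sh
# Added example: the page's three checks, run against one bash binary.
# Function names and the scratch-directory handling are this example's own.

# Check 1: does bash execute code trailing an imported function definition?
check_func_import() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>/dev/null) || true
    case "$out" in
        *vulnerable*)       echo vulnerable ;;
        *"this is a test"*) echo patched ;;
        *)                  echo unknown ;;
    esac
}

# Check 2: the "cat echo" test. A vulnerable bash writes a file named "echo"
# into the current directory, so run it in a scratch directory and clean up.
check_parser_file() {
    dir=$(mktemp -d) || { echo unknown; return 0; }
    ( cd "$dir" && env X='() { (a)=>\' "$1" -c "echo date" ) >/dev/null 2>&1 || true
    if [ -e "$dir/echo" ]; then echo vulnerable; else echo patched; fi
    rm -rf "$dir"
}

# Check 3: CVE-2014-7186 (redir_stack); a vulnerable bash exits non-zero here.
check_redir_stack() {
    if "$1" -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' >/dev/null 2>&1
    then echo patched; else echo vulnerable; fi
}

# Run all three and return 1 if any check reports "vulnerable".
shellshock_report() {
    bin=${1:-/bin/bash}
    [ -x "$bin" ] || { echo "not executable: $bin" >&2; return 2; }
    r1=$(check_func_import "$bin")
    r2=$(check_parser_file "$bin")
    r3=$(check_redir_stack "$bin")
    printf '%s\n' "function import: $r1" "cat echo test:   $r2" "redir_stack:     $r3"
    case "$r1 $r2 $r3" in *vulnerable*) return 1 ;; esac
    return 0
}

# Usage: sh shellshock_check.sh /bin/bash   (script name is illustrative)
if [ "$#" -gt 0 ]; then shellshock_report "$1"; fi
```

A bash that prints only "this is a test" for the first check, with no warning lines, is also classified as patched, because the function looks for the injected "vulnerable" output rather than for the warning text.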