Shellshock Fix

TL;DR

Shellshock is a serious vulnerability in Bash that allows attackers to run commands on your system. This guide shows you how to check if you’re affected and update your system to fix it.

Checking for the Vulnerability

  1. Identify Your Bash Version: Open a terminal and run:
    bash --version

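    If your version is less than 4.3, you’re likely vulnerable. Treat the version number as a hint only: distributions often backport security fixes without changing the upstream version, so confirm with the test in the next step.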

  2. Run the Test Script: A common test script can confirm vulnerability. Save this to a file (e.g., test.sh):
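    #!/bin/bash
    # Pass a variable that looks like a function definition followed by a
    # trailing command to a child bash. A vulnerable bash runs the trailing
    # command while importing its environment; a patched bash ignores it.
    result=$(env x='() { :;}; echo vulnerable' bash -c ':' 2>/dev/null)
    if [ "$result" = "vulnerable" ]; then
        echo "vulnerable"
    else
        echo "not vulnerable"
    fi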

    Make the script executable:

    chmod +x test.sh

    Run it:

    ./test.sh

    If it outputs “vulnerable”, you need to update Bash.

Fixing the Vulnerability

  1. Update Bash (Debian/Ubuntu): Use your package manager:
    sudo apt update
    sudo apt upgrade bash
  2. Update Bash (CentOS/RHEL/Fedora): Use yum or dnf:
    sudo yum update bash

    or

    sudo dnf update bash
  3. Verify the Update: After updating, check the Bash version again:
    bash --version

    It should now be 4.3 or higher. Run test.sh again as well; it should print “not vulnerable”.

  4. Reboot (If Necessary): Some systems require a reboot for the update to fully take effect. This is especially true if core libraries were updated.
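
A functional re-check for the “Verify the Update” step, as an added example that is not part of the original guide: it runs the probe against every bash binary listed in /etc/shells or found in PATH, since a host can carry more than one copy. The function names and the SHELLSHOCK_PROBE marker are constructed for this example.

```shell
#!/bin/sh
# Added example: functional Shellshock re-check for every bash binary on a host.
# MARKER and all function names are constructed for this example.
MARKER="SHELLSHOCK_PROBE"

# Print "vulnerable", "not vulnerable" or "not executable" for one binary.
check_bash() (
    bin=$1
    [ -x "$bin" ] || { echo "not executable"; exit 0; }
    # The value looks like a function definition followed by a trailing
    # command. A patched bash ignores the trailing command on import.
    out=$(env x="() { :;}; echo $MARKER" "$bin" -c ':' 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo "vulnerable" ;;
        *)           echo "not vulnerable" ;;
    esac
)

# List candidate binaries: bash entries in /etc/shells plus the bash in PATH.
list_bash_binaries() (
    {
        if [ -r /etc/shells ]; then
            grep -E '^/.*/bash$' /etc/shells || true
        fi
        command -v bash || true
    } 2>/dev/null | sort -u
)

# Check every candidate; exit status 1 if any binary is still vulnerable.
audit_bash() (
    status=0
    for bin in $(list_bash_binaries); do
        result=$(check_bash "$bin")
        printf '%s: %s\n' "$bin" "$result"
        if [ "$result" = "vulnerable" ]; then status=1; fi
    done
    exit "$status"
)

audit_bash || echo "At least one bash binary still needs the update."
```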

Additional Considerations

  • Web Servers: If you run web servers (Apache, Nginx), ensure they are also patched against Shellshock. Check your server documentation for specific instructions.
  • Firewall: Consider using a firewall to limit access to potentially vulnerable services.
  • Regular Updates: Keep all your software up-to-date to protect against future vulnerabilities.