Sales: 1300 467 843

OzHosting.com - Support Desk

RSS Feed
News
Sep
25
Bash Vulnerability Statement
Posted by Support Team on 25 September 2014 11:53 AM

A newly discovered vulnerability in the Bash command interpreter poses a critical security risk to Unix and Linux systems.

The vulnerability is present in Bash through version 4.3, and was discovered by Stephane Chazelas. It puts Apache web servers, in particular, at risk of compromise via CGI scripts that use or invoke Bash in any way – including any child processes spawned by the scripts. OpenSSH and some DHCP clients are also affected on machines that use Bash.

Customers who have a Linux VPS service with OzHosting may be affected.

To check if your Linux VPS is vulnerable please do the following

SSH into the Linux VPS

Run the following command - env X="() { :;} ; echo busted" /bin/sh -c "echo stuff"

If the output displays the word "Busted" then the vulnerability exists.

To resolve simple perform a "yum update" to update the current Bash version.

If you require assistance with this please contact our Support Team on 1300 467 843

Vulnerabilty Information - http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

 

 

 

 



Comments (0)
Login

Subscribe

 
News Categories
http://assets03.desk.com/
OzHostingcom
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
Invalid characters found
/customer/portal/articles/autocomplete