Bluewave Network Technologies | Malaysia
  • Home
  • About Us
    • Mission and Visionary
    • Technical Expertise
  • Products and Services
    • Professional Managed Services
    • Unified Communications & Collaboration
    • Consulting & Installation Services
    • Security and Next-Gen Firewall
    • Virtualization
    • Storage and Storage Networking
    • Disaster Recovery >
      • Data Networking
    • Data Centers
    • Wireless and Mobility Solution
    • Email Security
    • Private Cloud Infra
    • Data Center Reallocation
    • Event WiFi
  • Our Valuable Clients
  • Our Partners and Alliances
  • Resources and Tools
    • Security Updates
    • Product Demos
    • KBs and Library
  • We Care for Your Problems
  • Careers
  • Contact Us

How to Protect your Server Against the Shellshock Bash Vulnerability


Introduction

On September 24, 2014, a GNU Bash vulnerability, referred to as Shellshock or the "Bash Bug", was disclosed. In short, the vulnerability allows remote attackers to execute arbitrary code given certain conditions, by passing strings of code following environment variable assignments. Because of Bash's ubiquitous status amongst Linux, BSD, and Mac OS X distributions, many computers are vulnerable to Shellshock; all unpatched Bash versions between 1.14 through 4.3 (i.e. all releases until now) are at risk.

The Shellshock vulnerability can be exploited on systems that are running Services or applications that allow unauthorized remote users to assign Bash environment variables. Examples of exploitable systems include the following:

  • Apache HTTP Servers that use CGI scripts (via mod_cgi and mod_cgid) that are written in Bash or launch to Bash subshells
  • Certain DHCP clients
  • OpenSSH servers that use the ForceCommand capability
  • Various network-exposed services that use Bash
A detailed description of the bug can be found at CVE-2014-6271 and CVE-2014-7169.

Because the Shellshock vulnerability is very widespread--even more so than the OpenSSL Heartbleed bug--and particularly easy to exploit, it is highly recommended that affected systems are properly updated to fix or mitigate the vulnerability as soon as possible. We will show you how to test if your machines are vulnerable and, if they are, how to update Bash to remove the vulnerability.

Note: (Sept. 25, 2014 - 6:00pm EST) At the time of writing, only an "incomplete fix" for the vulnerability has been released. As such, it is recommended to update your machines that run Bash immediately, and check back for updates and a complete fix.

Check System Vulnerability
On each of your systems that run Bash, you may check for Shellshock vulnerability by running the following command at the bash prompt:

env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

The highlighted echo "Bash is vulnerable!" portion of the command represents where a remote attacker could inject malicious code; arbitrary code following a function definition within an environment variable assignment. Therefore, if you see the following output, your version of Bash is vulnerable and should be updated:

"Bash is vulnerable! "
"Bash Test "

Otherwise, if your output does not include the simulated attacker's payload, i.e. "Bash is vulnerable" is not printed as output, your version of bash is not vulnerable. It may look something like this:

-bash: warning: VAR: ignoring function definition attempt 
-bash: error importing function definition for `VAR' 
-Bash Test

If your version of Bash is vulnerable, read on to learn how to update Bash and fix the vulnerability.

Test Remote Sites
If you simply want to test if websites or specific CGI scripts are vulnerable, use this link:'ShellShock' Bash Vulnerability CVE-2014-6271 Test Tool.

Simply enter the URL of the website or CGI script you want to test in the appropriate form and submit.

Fix Vulnerability: 
Update BashThe easiest way to fix the vulnerability is to use your default package manager to update the version of Bash. The following subsections cover updating Bash on various Linux distributions, including Ubuntu, Debian, CentOS, Red Hat, and Fedora.

Note: (Sept. 25, 2014 - 6:00pm EST) At the time of writing, only an "incomplete fix" for the vulnerability has been released. As such, it is recommended to update your machines that run Bash immediately, and check back for updates and a complete fix.

APT-GET: Ubuntu / Debian
Update Bash to the latest version available via apt-get:

- sudo apt-get update && sudo apt-get install --only-upgrade bash


YUM: CentOS / Red Hat / Fedora
Update Bash to the latest version available via the yum:

- sudo yum update bash


* Conclusion
Be sure to update all of your affected servers to the latest version of Bash!

About Us

Our Mission and Visionary
Our Technical Expertise

Our partners and clients

Our Valuable Clients
Our Partners and Alliances

resources and tools

Web Demo 
Knowledge Bases and Library
Useful External Links
Real-time Security Update (DDoS)

Products and services

Professional Managed Services
Unified Communication
Consultancy and Installation
Storage and Storage Networking
Security and Perimeter Firewalling
Data and Fabric Networking
Simply Better Wireless Solution
Virtualiztion 
Data Centers Design and Buildup
Disaster Recovery Planning

INTERNAL RESOURCES AND LINK

​Bluewave Helpdesk Login
​Bluewave Asset Request Form
Bluewave SSLVPN Login
Bluewave Spicework Login
​Bluewave Leave Application Form

Contact us

Admin Office:
B-5-8 Plaza Mont Kiara,
​Jalan Mont Kiara, Mont Kiara,
50480 Kuala Lumpur, Malaysia.

R&D Office:
Suite No 20-08, 20th floor,
Wisma Zelan, No 1, Jalan Tasik Permaisuri 2, Bandar Tun Razak, Cheras 56000 Kuala Lumpur,
Malaysia

Phone: 
General Line: 
+603-27262606 / +6012-3853736
Fax Line:          
+603-95442001 
​
Global 24x7 Support Hotline: 
+603-6412 2425 / 2426 / 2427 / 2428

location maps

Email us now
we care for your IT problems, drop your challenges here

Copyright 2018 by Bluewave Network Technologies Sdn Bhd
No B-5-8, Plaza Mont Kiara,  Jalan Mont Kiara, 57100, Kuala Lumpur
+603-27262606 | support@bluewavenetwork.net
24x7 Same Day Support: +603-6419 2988 / +603-6419 2989 / +603-6419 2990