What is it?

A dangerous vulnerability in Bash, a shell that’s enabled by default on pretty much every *nix system ever. Learn more here. In short, it’s bad but it’s wildly easy to fix.

How do I fix it?

UPDATE: Ubuntu released a patch to fix this vulnerability after I wrote this post, and since Forge auto-applies security fixes nightly, all Forge-managed servers are now safe. You can read on for fun, but you’re now safe.

It’s likely going to be automatically fixed in an Ubuntu security update soon, but if you want to manually update your Forge-managed servers (or any other Ubuntu servers)–I would recommend this–just SSH into your server and run the following:

$ sudo apt-get update && sudo apt-get install --only-upgrade bash

This will get an updated list of available packages (apt-get update) and then just upgrade bash. It wouldn’t hurt to reboot your server afterwards, although it’s not necessary–you can do this through Forge or by running sudo reboot on your server.

Not enough?:

Per this tweet, even this bash patch might not be ENOUGH–but it’s better to apply and keep your eyes on the bug than to not apply.

Is my server vulnerable?

You can also run the following to check whether your server is even vulnerable:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you see the following output, your server is vulnerable:

vulnerable
this is a test

If you see any other output, likely the following, your server is safe:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
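
The check above, wrapped in a script as an added example (not part of the original post): it classifies the test output and repeats the test for every bash binary on PATH or listed in /etc/shells, since apt-get only upgrades the packaged one. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: automate the page's test command and classify its output.

# classify_output TEXT -> prints vulnerable | not-vulnerable | inconclusive
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable          # the injected "echo vulnerable" ran
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo not-vulnerable      # only the intended command ran
    else
        echo inconclusive        # bash missing, or it failed to start
    fi
}

# check_bash [PATH] -> run the page's test against one bash binary
check_bash() {
    bin=${1:-$(command -v bash || true)}
    if [ -z "$bin" ] || [ ! -x "$bin" ]; then
        echo inconclusive
        return 0
    fi
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo this is a test' 2>&1) || true
    classify_output "$out"
}

# report -> one "path: status" line per bash binary found;
# returns 1 if any of them is still vulnerable
report() {
    rc=0
    for candidate in $( { command -v bash; grep -s '/bash$' /etc/shells; } | sort -u ); do
        st=$(check_bash "$candidate")
        echo "$candidate: $st"
        if [ "$st" = vulnerable ]; then rc=1; fi
    done
    return $rc
}

report || echo "at least one bash binary still needs upgrading"
```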





Source link https://mattstauffer.com/blog/-forge--the-cve-2014-6271-bash-vulnerability
