Debian Tutorials

Step by step tutorials showing you how to install and configure various applications and services on Debian based Linux distros.

How to detect if your server is vulnerable to the Shellshock bug and fix it

Ástþór IP

Shellshock is a security bug affecting Unix/Linux operating systems through the bash shell. Disclosed on September 24, 2014, it has been rated 10 (the maximum score) for severity by NIST. Debian installs bash by default, so you’re probably affected!

To check if your server is vulnerable, run this command:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the results look like this you are affected:

user@host:~# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

However if you get these results you are not affected:

user@host:~# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
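The check above, wrapped as shell functions so it can be run from a script against more than one bash binary and re-run after upgrading. This is an added example, not part of the original tutorial; the function names and the optional list of bash paths are assumptions. Copies of bash outside the Debian package (for example in a chroot or under /usr/local) are not touched by apt-get, which is why the path is a parameter.

```shell
#!/bin/sh
# Added example: the article's manual probe, wrapped for scripted use.

# Run the article's probe against one bash binary, capturing stdout and stderr.
# $1 = path to bash (assumption: defaults to the first bash found in PATH).
probe_bash() {
    bash_bin=${1:-$(command -v bash || true)}
    env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>&1 || true
}

# Turn captured probe output into a verdict.
#   vulnerable: a line that is exactly "vulnerable" means the command placed
#               after the function body ran while bash imported the variable.
#   patched:    the test command ran and nothing else was executed (with or
#               without the "ignoring function definition attempt" warning).
#   unknown:    the probe did not run at all (binary missing or not executable).
classify_probe_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo patched
    else
        echo unknown
    fi
}

# Probe one binary and print "<path>: <verdict>".
check_bash() {
    target=${1:-$(command -v bash || true)}
    printf '%s: %s\n' "${target:-bash}" \
        "$(classify_probe_output "$(probe_bash "$target")")"
}

# Probe every path given as an argument, or the default bash if none is given.
check_all() {
    [ "$#" -gt 0 ] || set -- "$(command -v bash || true)"
    for b in "$@"; do
        check_bash "$b"
    done
}

check_all "$@"
```

Save it as a script and pass each bash path to test as an argument; any line ending in "vulnerable" names a binary that still needs the fix.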

Wheezy

If you are running the latest Debian release, the solution is simple. Just update the system:

apt-get update
apt-get upgrade

Squeeze

If you are running squeeze, you need to add the LTS apt source and update bash:

1. Append LTS to apt sources (pico /etc/apt/sources.list)

deb http://http.debian.net/debian squeeze-lts main contrib non-free
deb-src http://http.debian.net/debian squeeze-lts main contrib non-free

2. Update apt

apt-get update

3. Upgrade bash to the latest version

apt-get install -t squeeze-lts --only-upgrade bash

Older releases

If you are using an older release, you should update to wheezy.

Comments 3
  • xxx
    How to fix this bug on Debian 5? Thanks!


  • Farhan Islam
    How to fix this on CentOS 6.5?


  • ndugu
    Also, you can just upgrade bash with a small command such as “apt-get upgrade bash”; no need to upgrade the whole system if not needed 🙂