Just a bit more information on Shellshock

If you have Red Hat  or one of the distro’s based off of this (centOS, Fedora, etc)

Run the following:

Yum clean all

Yum update

Shutdown -r now

 

For Ubuntu server:
some are saying you can just do

apt-get update

apt-get install bash

 

Ubuntu Statement:
http://www.ubuntu.com/usn/usn-2362-1/

How to test
You can check if you’re vulnerable by running the following lines in your default shell, which on many systems will be Bash. If you see the words “busted“, then you’re at risk. If not, then either your Bash is fixed or your shell is using another interpreter.

env X=”() { :;} ; echo busted” /bin/sh -c “echo completed”

env X=”() { :;} ; echo busted” `which bash` -c “echo completed”

from:  theregister.co.uk

 

Statement from Apple:

The vast majority of OS X users are not at risk to recently reported bash vulnerabilities,” an Apple spokesperson told iMore. “Bash, a UNIX command shell and language included in OS X, has a weakness that could allow unauthorized users to remotely gain control of vulnerable systems. With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced UNIX services. We are working to quickly provide a software update for our advanced UNIX users.

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.