A new vulnerability that may affect millions of computers, devices and servers has been discovered. Almost all versions of Linux and Unix operating systems, along with Mac OS X (which is based on Unix), are potentially affected by this newly discovered bug.

The bug, called ‘Bash Bug’ or ‘Shellshock’, occurs in Bash (the Bourne-Again Shell), a command-line shell widely used on computers running Unix operating systems to let users perform actions through a command-line interface. Unix forms the basis of multiple other operating systems, like Linux and Mac OS. On successful exploitation, this bug could permit an attacker to gain complete control of the targeted computer.

Some experts say that this bug is much more serious than the Heartbleed vulnerability that was discovered in April. According to a BBC news report, “Some 500,000 machines worldwide were thought to have been vulnerable to Heartbleed. But early estimates, which experts said were conservative, suggest that Shellshock could hit at least 500 million machines.”

Which systems will get affected?

The problem is especially serious because many web servers run Apache, software that includes the Bash component. Systems with the following software are affected:

  • GNU Bash through 4.3.
  • Linux, BSD, and UNIX distributions including but not limited to:
    • CentOS 5 through 7
    • Debian
    • Mac OS X
    • Red Hat Enterprise Linux 4 through 7
    • Ubuntu 10.04 LTS, 12.04 LTS, and 14.04 LTS

How can I check if I am vulnerable?

To check whether your system is vulnerable, run this command:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If it shows the following output, it means that there is no vulnerability and you don’t need to worry about the attack!

———-
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
———-

If it shows the below output, it means that you are vulnerable and prone to attack.

———-
vulnerable
this is a test
———-

ZNetLive has taken necessary steps to protect its customers

Our security team has taken all measures to ensure that all of our customers’ websites and servers are secure from the Bash Bug vulnerability. All Web hosting customers can rest assured of being secure. For customers with dedicated servers and VPS from ZNetLive, we’re in the process of making the requisite updates for the customers whose server access details are available with us. Customers with dedicated servers or VPS whose server access details are not with us are advised to provide us with the same at the earliest.

Do I need to take any steps to protect my website/server?

ZNetLive has taken the necessary steps for its web hosting customers and for dedicated server/VPS customers whose server access details are with us. Customers whose server access details are not with us are advised to provide them at the earliest so that our security team can do the needful. Alternatively, you can also implement the steps listed below yourself.

System Administrators

1) Linux OS with cPanel

Run the following command in the shell:

/scripts/upcp

If you do not want to run the above command or it does not work, you can also download and install the bash package from the mirrors. For example, the bash package for CentOS Linux 6.5 64-bit can be downloaded from here:

Mirror URL:  http://mirror.centos.org/centos/6.5/updates/x86_64/Packages/

It can then be installed like this:

wget http://mirror.centos.org/centos/6.5/updates/x86_64/Packages/bash-4.1.2-15.el6_5.1.x86_64.rpm

rpm -Uvh bash-4.1.2-15.el6_5.1.x86_64.rpm

2) Core Linux OS without cPanel

Run the following command on all servers:

yum -y upgrade bash

This will upgrade Bash on your Linux server.

3) Ubuntu

Run the following command on all servers:

apt-get update && apt-get install --only-upgrade bash
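
After patching, the check from earlier in this article can be repeated against every copy of bash on the server, because a package upgrade only replaces the packaged binary and leaves locally built copies untouched. The script below is an added example, not ZNetLive's own tooling; the function names and the candidate paths on the last line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): re-run the article's probe
# against each bash binary after patching. Function names are illustrative
# and the candidate paths at the bottom are assumptions; adjust per host.

# Map the probe's combined output to a verdict, using the two sample
# outputs shown in the article as the reference cases.
classify_probe_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable      # the injected echo ran during function import
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo patched         # only the intended command ran
    else
        echo unknown         # binary did not run the test command at all
    fi
}

# Run the article's probe against one bash binary (path in $1).
probe_bash() {
    probe_out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>&1) || true
    classify_probe_output "$probe_out"
}

# Probe every executable path given; print "verdict<TAB>path" per binary.
# Returns 1 if any copy is still vulnerable, so it can gate a later step.
audit_bash_binaries() {
    audit_rc=0
    for candidate in "$@"; do
        [ -x "$candidate" ] || continue
        verdict=$(probe_bash "$candidate")
        printf '%s\t%s\n' "$verdict" "$candidate"
        if [ "$verdict" = vulnerable ]; then audit_rc=1; fi
    done
    return "$audit_rc"
}

# Packaged location plus common places for locally built copies (assumed).
audit_bash_binaries /bin/bash /usr/local/bin/bash /opt/local/bin/bash
```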

Website owners

Any website owner or business with an online presence is at risk from this bug and needs to be aware that attackers may get access to their data and network if this bug is exploited on their system. Therefore, they need to apply patches as soon as possible.

Linux vendors have provided security advisories for this new bug along with patching information.

In case a patch is not there for a particular Unix or Linux distribution, users are recommended to change to another shell till the patch becomes available.

Customers

It is recommended that customers apply patches to all their web enabled devices, routers etc. whenever they are made available by their vendors.

Conclusion

ZNetLive, in its capacity and position as a secure and reliable web host, has addressed the Bash Bug issue to safeguard its servers from this vulnerability. We take matters related to your security seriously, and you can contact us anytime to discuss this issue.

We will keep you posted about any new development on this front.

Jyotsana Gupta

Jyotsana Gupta - the content and communication head, is an engineer by education and a writer at heart. In technical writing for 8 years, she makes complex topics interesting to general audience. She loves going on long drives in her spare time.