A critical vulnerability in bash (Bourne-Again-SHell) was disclosed

We wanted to let you know that today, a critical vulnerability in bash(Bourne-Again-SHell) was disclosed by Stephane Chazelas.

This vulnerability is so critical that even if you have Two-Factor Authentication an attacker would be able to by-pass the two-factor verification and execute commands remotely on your server.

We recommend you update now.

Here's a few things to help you:

To test if you are vulnerable you can use the following command:

env t='() { :;}; echo You are vulnerable.' bash -c "true"

If it prints "You are vulnerable" you need to upgrade as soon as possible. Patches for the major Linux distributions have been already released.

If you are using a Ubuntu or Debian type the following commands to apply the security patch:

apt-get update

apt-get upgrade

If you are using RedHat, CentOS or Fedora type the following commands to apply the security patch:

yum clean all

yum update bash

If you want to know more about this vulnerability please read the following thread on the oss-sec mailing list:

http://seclists.org/oss-sec/2014/q3/650

A critical vulnerability in bash (Bourne-Again-SHell) was disclosed

Related

Comments