We wanted to let you know that today, a critical vulnerability in bash(Bourne-Again-SHell) was disclosed by Stephane Chazelas.
This vulnerability is so critical that even if you have Two-Factor Authentication an attacker would be able to by-pass the two-factor verification and execute commands remotely on your server.
We recommend you update now.
Here's a few things to help you:
To test if you are vulnerable you can use the following command:
env t='() { :;}; echo You are vulnerable.' bash -c "true"
If it prints "You are vulnerable" you need to upgrade as soon as possible. Patches for the major Linux distributions have been already released.
If you are using a Ubuntu or Debian type the following commands to apply the security patch:
apt-get updateapt-get upgrade
If you are using RedHat, CentOS or Fedora type the following commands to apply the security patch:
yum clean allyum update bash
If you want to know more about this vulnerability please read the following thread on the oss-sec mailing list:
Comments