Read full details here: Check for Shellshock Bash Vulnerability and how to fix it
Read the rest of it here: Check for Shellshock Bash Vulnerability and how to fix it
A flaw was found in the way Bash evaluated certain specially crafted environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. In this guide we will show how to check for Shellshock Bash Vulnerability and how to fix it in multiple Linux Operating systems such as Debian based Ubuntu, Linux Mint and Red Hat Based CentOS, Fedora distributions.
The GNU Bourne Again shell (Bash) is a shell and command language interpreter compatible with the Bourne shell (sh). Bash is the default shell for Red Hat Enterprise Linux. Red Hat (and rest of the open source community) would like to thank Stephane Chazelas for reporting this issue.
All bash users are advised to upgrade to these updated packages, which contain a back-ported patch to correct this issue.
The Shellshock vulnerability can be exploited on systems that are running Services or applications that allow unauthorized remote users to assign Bash environment variables. Examples of exploitable systems include the following:
- Apache HTTP Servers that use CGI scripts (via
mod_cgi
andmod_cgid
) that are written in Bash or launch to Bash sub-shells - Certain DHCP clients
- Open SSH servers that use the
ForceCommand
capability - Various network-exposed services that use Bash
For additional information on the CVE-2014-6271 and CVE-2014-7169. flaw, refer to the Knowledge base article athttps://access.redhat.com/articles/1200223
Contents [hide]
How to check for Shellshock Bash Vulnerability?
Read the rest of it here: Check for Shellshock Bash Vulnerability and how to fix it
No comments:
Post a Comment