Shellshock is a new vulnerability that allows attackers to put code onto your machine, which could put your Ubuntu Linux system at a serious risk for malicious attacks.
Shellshock uses a bash script to access your computer. From there, hackers can launch programs, enable features, and even access your files. The script only affects UNIX-based systems (linux and mac).
You can test your system by running this test command from Terminal:
env x='() { :;}; echo vulnerable' bash -c 'echo hello'
If you're not vulnerable, you'll get this result:
bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' hello
If you are vulnerable, you'll get:
vulnerable hello
You can also check the version of bash you're running by entering:
bash --version
If you get version 3.2.51(1)-release as a result, you will need to update. Most Linux distributions already have patches available.
-----------
If your system is vulnerable make sure your computer has all critical updates and it should be patched already. if you are using a version of Ubuntu that has already reached end of life status (12.10, 13.04, 13.10, etc), you may be screwed and may need to start using a newer version of Ubuntu.
This should update Bash for you so your system is not vulnerable...
sudo apt-get update && sudo apt-get install --only-upgrade bash
0 comments:
Post a Comment