Critical security flaw on Linux default shell "bash"
-
Saturday, 27th September, 2014
-
17:01pm
Dear customer
On the evening of 24th Sept, 2014) a security issue on the wide-spreaded linux default shell "bash" was released under tracking id CVE-2014-6271.
This security hole allows the remote execution of code by the internet and allows to take over control of your system. Therefore it's necessary to update your system immediately.
Most linux distributors have already released an updated bash package which can be installed with your packet manager.
You can check on ssh if your system is vulnerable by using the following command:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable this is a test
On an already patched system the output will be as follow:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
For further assistance with updating your system our technical support will be happy to assist you.
Kind regards
Your Support-Team