Test with the following (paste into a shell prompt):
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If you’re vulnerable, you’ll see this:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
To fix it:
In CentOS:
yum update bash
In Ubuntu:
apt-get install bash
When you run the test code again, you should see this:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
If you’re using Salt Stack, you could run this to update all your minions’ bash installs:
salt '*' pkg.install bash
There are some more sophisticated ways to do it, especially for larger environments, but I figured I’d mention it.
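For checking many hosts, the manual test above can be wrapped in a script that reports a status per bash binary instead of relying on someone reading the output. This is an added example, not part of the original post; the function names check_bash and scan_bashes are made up for illustration.

```shell
#!/bin/sh
# Added example: classify bash binaries with the env-variable probe from the post.
# check_bash and scan_bashes are hypothetical helper names.

# Print "vulnerable", "patched" or "error" for the binary given as $1.
# Return code: 0 = patched, 1 = vulnerable, 2 = could not tell.
check_bash() {
    bin=$1
    [ -x "$bin" ] || { echo error; return 2; }
    # Same probe as the manual test. stderr is discarded because a patched
    # bash may print warnings there (newer releases print nothing at all).
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c 'echo this is a test' 2>/dev/null)
    case $out in
        vulnerable*)      echo vulnerable; return 1 ;;
        'this is a test') echo patched;    return 0 ;;
        *)                echo error;      return 2 ;;
    esac
}

# Check the bash found in PATH plus every bash listed in /etc/shells.
# Prints one "path<TAB>status" line each; returns non-zero unless all are patched.
scan_bashes() {
    rc=0
    list=$( { command -v bash; grep -E '/bash$' /etc/shells 2>/dev/null; } | sort -u )
    for b in $list; do
        result=$(check_bash "$b") || rc=1
        printf '%s\t%s\n' "$b" "$result"
    done
    return $rc
}

# Run the scan only when asked to, e.g.: sh check_shellshock.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_bashes
fi
```

The non-zero return code from scan_bashes makes it easy to flag hosts that still need the package update.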