Bash Bug: Check and Fix on Ubuntu!

Asif Ahmed

If you are a sysadmin and are running any version of Linux you need to update your servers right now to fix a Bash bug. There was an exploit found in Bash today – source (http://www.theverge.com/2014/9/24/6840697/worse-than-heartbleed-todays-bash-bug-could-be-breaking-security-for).

Here is how to check if you are vulnerable. Log into to your server and run the command below.

If in the output of that command, you see it output “vulnerable”, then you are vulnerable. If you see the message about an error then you are not vulnerable (whew!).

UPDATE

There was a new vulnerability found (check out these links – http://nothingjustworks.com/bash-patched-again-cve-2014-7169/ and https://access.redhat.com/articles/1200223)

If you run this command –

and see an actual date you are vulnerable still. Please upgrade Bash.

END OF UPDATE

That sounds bad, but here is how you fix that bug on Ubuntu (Ubuntu has updated their packages)

You can try to test again to see if this fixed it (and it should have). Also if you have yum as a package manager (if you are using the Amazon AMI for example), the following commands should work.

For more insight on how to fix this bug on Macs check out this link on the Apple stackexchange – http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-the-remote-exploit-cve-2014-6271.

Also there is a thread about this topic on HackerNews and Reddit.

Fix this exploit now!

Check out http://www.madpad.me/bash to copy/paste links easily.