Search the Community

Hello, Just to warning all server admins that still dont know about "shellshock" security risk, to test and update imidiatly the servers, or else.... Full details here: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/ http://forums.cpanel.net/f185/bash-code-injection-vulnerability-via-specially-crafted-environment-variables-cve-2014-6271-a-429671.html https://www.webhostingtalk.com/showthread.php?t=1414839 https://access.redhat.com/articles/1200223 The fix, still dosent fix 100% of the problem, but helps: 100% Resolved on Bash Update: https://access.redhat.com/security/cve/CVE-2014-6271 Still not resolved: 100% Resolved on Bash Update: https://access.redhat.com/security/cve/CVE-2014-7169 Fix for CVE-2014-6271 and CVE-2014-7169 On SSH execute the folowing For Red Hat Linux Distros or CloudLinux Just do this: yum clean all yum update bash For Ubuntu/Debian do this: apt-get update apt-get upgrade To check if you are running the latest Bash, do this: rpm -qa bash You dont need to reboot the server. You have to have in Red Hat 6, at least version 5.2 of bash. Dont ignore this or you will get real nightmares ===================== Here some test tools to detect some of the "shellshock" security: http://shellshock.brandonpotter.com/ http://www.shellshocktest.com/ Use the above test links at your own risk =====================