The Information Security Office informed the Information Technology community of a remote code execution vulnerability in the bash command language.
This exploit affects most Linux distributions:
- RedHat/Fedora (and CentOS)
- Ubuntu/Debian
- SuSE
ETS is patching the RedHat and CentOS systems we manage. If you know that you manage your own RedHat, Fedora or CentOS system, the command to update bash is:
sudo yum update bash
ETS does not have tools to remotely patch Ubuntu, Debian, or SuSE type systems. If your system is one these, we strongly encourage you to patch your systems as soon as possible. On Ubuntu/Debian and SuSE the commands are:.
sudo apt-get update (to update the package lists)
sudo apt-get install bash (to upgrade just the bash package)
OR
sudo apt-get update (update the package lists)
sudo apt-get upgrade (upgrade all packages on the system)
Find out if your system is vulnerable
The following harmless command will tell you if your bash is vulnerable.
env x='() { :;}; echo Your system is vulnerable' bash -c "echo Test script"
VULNERABLE output
Your system is vulnerable
Test script
Not Vulnerable response
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
Test script
