Patch the 'Shellshock' Vulnerability

September 2014

Your server might be vulnerable to a bug called Shellshock, which is a mistake in the code of a program called Bash, typically installed on Linux servers. The bug allows someone to send commands to computers which they should not have access to. This document contains instructions on how to manually check the vulnerability of your Linux server.

If you have any questions or need help checking your server, please e-mail us at support@simplyhosting.cloud or call us at 020 3697 5537 Monday through Friday between 8am - 6pm GMT.

Shellshock Vulnerability Manual Check

Follow the instructions below to determine if your server is vulnerable to Shellshock (you will need to repeat these steps for each of the Linux servers you might have):

Windows Server 2008 R2:

  1. Log into your server as root via SSH
  2. Run the following command:
    env x='() { :;}; echo vulnerable' bash -c "echo Shellshock"

A system affected by the bug should return the following:

vulnerable
Shellshock

On the other hand, a secure system should return the following:

bash:warning: x: ignoring function definition attempt
bash: error importing function definition for ‘x’
Shellshock

If your system is vulnerable, you can secure it by following the instructions below based on the Linux distribution on your server:

Ubuntu and Debian servers:

  1. Log into your server as root via SSH
  2. Run the command: apt-get update
  3. Now run the command: apt-get install bash
  4. Once this command has completed, rerun the above vulnerability test and you should see that your system is now secure

RedHat and CentOS servers:

  1. Log into your server as root via SSH
  2. Run the command: yum update bash
  3. Once this command has completed, rerun the above vulnerability test and you should see that your system now passes the vulnerability

* The offer is £100 Cloud Hosting credit when purchasing any Cloud Hosting plan using the displayed voucher code. This credit is only redeemable for 30 days following the qualifying purchase. This offer is restricted to new customers only, cannot be applied to renewals and used in conjunction with any other offer and may be withdrawn at any time at the discretion of Simply Cloud Limited. Any customers who do not use the voucher code - 100CREDIT, will receive £10 credit, this credit is only redeemable for 30 days following the qualifying purchase. All prices displayed are exclusive of VAT, please note, for EU customers VAT rates payable will be subject to your country of residence.