BASH Exploit can take control of your server, experts warn bigger than Heartbleed
A newly discovered security bug in a widely used piece of Linux software called “Bash” could pose a bigger threat to computer users than the “Heartbleed” bug that previously caused wide spread panic amoung system admins in April earlier this year.
Bash is used to control the command prompt on most Unix computers. Hackers can exploit a bug in the software to take complete control of a targeted system.
The major attack points that experts have identified are HTTP requests and CGI scripts. Another attack point is via OpenSSH, through the use of AcceptEnv variables. Also through TERM and SSH_ORIGINAL_COMMAND. An environmental variable with an arbitrary name can carry a nefarious function which can enable network exploitation.
The previous Heartbleed bug allowed hackers to actively spy on computers. but not take control of them.
Security Experts are advising that updates are completed immediately to reduce the possibility of being exposed to the exploit.
To test whether your machine is affected by the exploit, type the following in your terminal –
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If this is your result, you need to update BASH urgently:
vulnerable this is a test
To update BASH with YUM, simply type
yum update bash
You should now be secured from the exploit.