BASH exploit can take control of your server; experts warn it is bigger than Heartbleed

September 25, 2014

A newly discovered security bug in a widely used piece of Linux software called “Bash” could pose a bigger threat to computer users than the “Heartbleed” bug that caused widespread panic among system admins in April this year.

Bash is used to control the command prompt on most Unix computers. Hackers can exploit a bug in the software to take complete control of a targeted system.

The major attack points that experts have identified are HTTP requests and CGI scripts. Another attack point is OpenSSH, through the use of AcceptEnv variables and also through TERM and SSH_ORIGINAL_COMMAND. An environment variable with an arbitrary name can carry a nefarious function, which can enable network exploitation.

The previous Heartbleed bug allowed hackers to actively spy on computers, but not take control of them.

Security experts are advising that updates be completed immediately to reduce the possibility of being exposed to the exploit.

To test whether your machine is affected by the exploit, type the following in your terminal:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If this is your result, you need to update BASH urgently:

vulnerable
this is a test

To update BASH with YUM, simply type

yum update bash

You should now be secured from the exploit.
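
To confirm that the update took effect, the test above can be re-run against each bash binary on the machine, since a copy installed outside the package manager is not touched by yum. The script below is an added example, not part of the original article; the function names check_shell and audit_shells and the marker string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: re-run the article's test against specific shell binaries.
# check_shell and audit_shells are illustrative names, not an existing tool.

# check_shell PATH: prints "vulnerable", "not-vulnerable" or "missing".
check_shell() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 2
    fi
    # Unique marker so ordinary shell output cannot be mistaken for a hit.
    marker="probe_$$"
    # Same probe as the one-liner above; stderr is dropped because updated
    # versions may print a warning about the rejected function definition.
    out=$(env x="() { :;}; echo $marker" "$shell_path" -c "echo test" \
        2>/dev/null) || true
    case "$out" in
        *"$marker"*) echo "vulnerable"; return 1 ;;
        *)           echo "not-vulnerable"; return 0 ;;
    esac
}

# audit_shells PATH...: one "result path" line per binary.
# Returns 1 if any binary is vulnerable, 0 otherwise.
audit_shells() {
    rc=0
    for p in "$@"; do
        result=$(check_shell "$p") || true
        echo "$result $p"
        if [ "$result" = "vulnerable" ]; then rc=1; fi
    done
    return "$rc"
}

# Usage: sh audit.sh /bin/bash /usr/local/bin/bash
# (script name and second path are examples; pass the binaries you have)
if [ "$#" -gt 0 ]; then
    audit_shells "$@"
fi
```

A non-zero exit status from audit_shells means at least one of the listed binaries still needs updating.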

James Ensor