\' sh -c "echo date"; cat echo if your bash writes "vulnerable or date" you do have the Shellshock bug on your distribution and have to fix it. Which shell do i use? Try the following commands to see what shell you are using. echo $SHELL ps -p $$ Resolve Shellshock vulnerability open putty on windows or terminal on Mac and connect fia SSH to your Debian server apt-get update; apt-get upgrade; (Attention for old systems. Restarts" /> \' sh -c "echo date"; cat echo if your bash writes "vulnerable or date" you do have the Shellshock bug on your distribution and have to fix it. Which shell do i use? Try the following commands to see what shell you are using. echo $SHELL ps -p $$ Resolve Shellshock vulnerability open putty on windows or terminal on Mac and connect fia SSH to your Debian server apt-get update; apt-get upgrade; (Attention for old systems. Restarts" />

Fix Shellshock under Debian Linux

Most think that the Shellshock security issue is more harmful than Heartbleed. This might be right, because most Linux distributions use bash as shell and not every Linux distribution including Mac OS X uses Open SSL for encryption. I show how to update your Bash on a Debian Linux.

Test Debian vulnerability

  • open putty on windows or terminal on Mac and connect fia SSH to your Debian server
  • write the following code in the command line:
  • x='() { :;}; echo vulnerable' bash
  • env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
  • env X='() { (a)=>\' sh -c "echo date"; cat echo
  • if your bash writes „vulnerable or date“ you do have the Shellshock bug on your distribution and have to fix it.

Which shell do i use?

Try the following commands to see what shell you are using.

  • echo $SHELL
  • ps -p $$

Resolve Shellshock vulnerability

  • open putty on windows or terminal on Mac and connect fia SSH to your Debian server
  • apt-get update;
  • apt-get upgrade; (Attention for old systems. Restarts services)

Sei sozial und teile

Über den Autor Andreas Grundner

Ich bin Wordpress, Joomla, Typo3 Integrator, Unix Rootserver Administrator und Webanwendungsprogrammierer. Mittlerweile habe ich über 70 Webprojekte weitgehend selbstständig mit enger Kundenabsprache realisiert. Ich bin auf One Page Websites auf Wordpress-Basis spezialisiert, biete aber auch Suchmaschinenoptimierung (SEO), Blogs, Facebook, Youtube und Google+ Seiten an. Meine Verpflichtung gilt dem Datenschutz, meine Leidenschaft dem Finden und Aufzeigen von Sicherheitslücken in Webanwendungen.

Meinung sagen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert.