You may have seen the news about the latest big vulnerability to hit unix systems, that has been dubbed “Shellshock”. It has been given a CVE ID of CVE-2014-6271 (and a follow-up of CVE-2014-7169).

In short, versions of bash as far back as 1.14.0 (from July 1994!) up to 4.3 process code that follows a function definition in the value of an environment variable, which could allow remote attackers to execute arbitrary code by sending specially crafted requests to vulnerable servers.
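To see what "processes code after function definitions" means in practice, here is an added local check (not the script the post links to, and not code from the original post) that runs the two widely published detection tests on the bash found in PATH. It exports a constructed variable whose value is a function definition followed by trailing code; a bash affected by CVE-2014-6271 executes that trailing code while importing the environment, and the second function checks whether the incomplete-fix parser bug tracked as CVE-2014-7169 still causes a stray redirect to create a file. Both functions print a status word and return 0 for patched, 1 for vulnerable and 2 if bash cannot be found. Everything runs locally and makes no network connections.

```shell
#!/bin/sh
# Added detection check for the two Shellshock CVEs named in the post.
# Run as any user: ./shellshock_check.sh

# CVE-2014-6271: trailing code after the function body in an exported
# variable is executed by a vulnerable bash when it imports the environment.
shellshock_6271_check() {
    if ! command -v bash >/dev/null 2>&1; then
        echo "no-bash"
        return 2
    fi
    # The constructed value is a no-op function followed by an echo.
    # A patched bash ignores the trailing echo, so the output stays empty.
    out=$(env x='() { :;}; echo VULNERABLE' bash -c 'true' 2>/dev/null) || true
    case "$out" in
        *VULNERABLE*) echo "vulnerable"; return 1 ;;
        *)            echo "patched";    return 0 ;;
    esac
}

# CVE-2014-7169: the first patch left a parser bug where the trailing '>\'
# is treated as a redirection, so "echo date" writes a file named "echo"
# in the working directory instead of printing. Work in a throwaway
# directory so nothing is left behind either way.
shellshock_7169_check() {
    if ! command -v bash >/dev/null 2>&1; then
        echo "no-bash"
        return 2
    fi
    tmp=$(mktemp -d) || { echo "error"; return 2; }
    ( cd "$tmp" && env 'x=() { (a)=>\' bash -c "echo date" >/dev/null 2>&1 || true )
    if [ -f "$tmp/echo" ]; then
        status="vulnerable"; rc=1
    else
        status="patched"; rc=0
    fi
    rm -rf "$tmp"
    echo "$status"
    return $rc
}

# Stand-alone usage: report both results and exit non-zero if either is bad.
if [ "${0##*/}" = "shellshock_check.sh" ]; then
    printf 'CVE-2014-6271: %s\n' "$(shellshock_6271_check)" 
    printf 'CVE-2014-7169: %s\n' "$(shellshock_7169_check)"
    shellshock_6271_check >/dev/null && shellshock_7169_check >/dev/null
fi
```

A patched bash prints "patched" for both lines; anything else means the system still needs the vendor update described below. The check reports only on the bash binary it finds first in PATH, so on hosts with more than one bash (for example a self-built copy under /usr/local) run it once per binary by adjusting PATH.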

How can I fix this?

If you have a managed server, our engineering team are already all over this, and you'll probably find that your server has already been patched.

If not, the solution is (thankfully) pretty straightforward (assuming you're using a supported version of your distro of choice!). We've made a nifty little script that should (in most circumstances) check for the vulnerabilities and install the new, patched version of bash. Running this one-liner as root or via 'sudo' should be all you need to do!

$ wget http://melbourne.co.uk/resources/downloads/scripts/shellshock_fix.sh -O- | sudo -i bash

For more technical information on this, you can read this blog post which explains the bug in more detail.