How do I update my VPS to address the 'Shell Shock' vulnerability?


On September 25, 2014, information on a serious vulnerability in the bash shell was released publicly; it was dubbed 'Shell Shock'. This guide will help you ensure that your server is not vulnerable to it.

Please note that this only affects customers who run Linux on their VPS.

  1. Log in to your server via SSH
  2. Check if you are vulnerable by typing the following commands

    env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

    env -i  X='() { (a)=>\' bash -c 'echo date'; cat echo

  3. If you are vulnerable the commands will produce output similar to the following

    vulnerable
    this is a test

    date
    Fri Sep 26 02:43:21 UTC 2014

  4. The commands to fix this depend on the Operating System installed

    CentOS/cPanel/CloudLinux based

    • Update only bash by running the following commands

      yum clean all
      yum update -y bash

      * CloudLinux customers who are using CageFS will need to run the following command in addition to the above *

      • cagefsctl --force-update

    • Once updated the commands from step 2 will result in the following output

      this is a test

      date
      cat: echo: No such file or directory

    Debian/Ubuntu based

    • Update only bash by running the following command

      apt-get update && apt-get install -y bash

    • Once updated the commands from step 2 will result in the following output

      this is a test

      date

Please note that the OS vendor is responsible for making the patch available in their repositories. If you are still vulnerable after updating, Crucial is unable to assist.
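The two checks from step 2 can be scripted so they run identically before and after the update; the script below is an added example, not part of Crucial's original guide. The function names and the optional bash-path argument are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not Crucial's own script. Function names and the optional
# bash-path argument are assumptions made for this sketch.

# Classify the output of the first command in step 2.
classify_first() {
    case $1 in
        *vulnerable*)       echo vulnerable ;;
        *"this is a test"*) echo patched ;;
        *)                  echo unknown ;;
    esac
}

# First check: a vulnerable bash prints "vulnerable" before the test line.
check_first() {
    bash_bin=$(command -v "${1:-bash}") || { echo unknown; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c "echo this is a test" 2>/dev/null) || true
    classify_first "$out"
}

# Second check: a vulnerable bash creates a file named "echo" holding the
# output of date. Run it in a scratch directory so nothing is left behind.
# Pass an absolute path if you name a specific bash binary.
check_second() {
    bash_bin=$(command -v "${1:-bash}") || { echo unknown; return 0; }
    tmp=$(mktemp -d) || { echo unknown; return 0; }
    result=$(
        cd "$tmp" || exit 0
        env -i X='() { (a)=>\' "$bash_bin" -c 'echo date' >/dev/null 2>&1 || true
        if [ -e echo ]; then echo vulnerable; else echo patched; fi
    )
    rm -rf "$tmp"
    echo "${result:-unknown}"
}

# Print both results; return non-zero unless both checks report "patched".
shellshock_report() {
    first=$(check_first "$1")
    second=$(check_second "$1")
    echo "check 1 (trailing command in variable): $first"
    echo "check 2 (stray 'echo' file): $second"
    [ "$first" = patched ] && [ "$second" = patched ]
}

shellshock_report "${1:-bash}" || echo "at least one check did not report patched; see step 4"
```

Run it once before updating and again afterwards; both lines should read "patched" after the update in step 4.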
