Order a VPS, Semi- dedicated or Dedicated server in Dallas, London or Australia.

Ask our support team about your hosting requirements.

Support

Host where the staff takes pride in making customers happy

I was very impressed with Rimuhosting set-up so far. It seems nearly perfect. It is so nice working with someone who exhibits such a high degree of competence in his offering's etc.

- John (#330/338)

Home > Support > Notices > CVE-2014-6271: serious bash vulnerability (shellshock)

Related Links

Notice Links:

Notice

CVE-2014-6271: serious bash vulnerability (shellshock)

Posted	Wed, 24 Sep 2014 21:59 PM UTC Wed, 24 Sep 2014 17:59 PM EDT
Last Update	Thu, 2 Oct 2014 22:10 PM UTC (498 weeks ago) Thu, 2 Oct 2014 18:10 PM EDT
Status	Open
Shellshock update at 3 October What a busy few days! Security researchers have found a few related bugs. And there are now (as of a day or two ago) patches for all of them. We been working night and day to create a deshellshock script (if you are a syadamin, please feel free to review and provide improvements at https://github.com/pbkwee/deshellshock ). We have created a page where customers can review the status of our running that script on their servers. So you can see if you were vulnerable (tip: you were) and whether we can detect any current vulnerabilities after applying any changes. To review the status of your servers go to http://rimuhosting.com/cp/shellshock.jsp We have emailed customers where we have access to all their servers and cannot detect the vulnerability on any of their servers. We are continuing to work on the deshellshock script for other customers to see if we can get it working for even more servers. If the shellshock page reports we cannot log in, please enable our login (per https://rimuhosting.com/knowledgebase/rimuhosting/rimuhosting-ssh-access) Shellshock: the bash vulnerability There is a vulnerability (actually a set of vulnerabilities) in most versions of bash. http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html Bash is used in a variety of ways. Via web scripts. OpenSSH environment variables. And probably a number of other ways no one has thought of yet. This means there are potentially many ways (vectors) this vulnerability could be exploited. So it is very important to fix this issue. Patching the vulnerability To check if you are vulnerable, first check http://rimuhosting.com/cp/shellshock.jsp This will report the results of https://github.com/pbkwee/deshellshock running on your server. If we do not have access to your server you can run download and run https://github.com/pbkwee/deshellshock or submit a ticket via http://rimuhosting.com/cp/shellshock.jsp for us to manually do that for you. For modern, supported distros you can simply run apt-get install bash. Or yum install bash. To install the fixes. This should work fine on Centos 7, Centos 6, Debian 7. And Debian 6 if you are using the lts repositories. #

Keep You Updated?

Log in to subscribe to changes to this notice.

Set your contact details for future notifications.

RimuHosting : Server hosting service. A Rimu Hosting Ltd business. RimuHosting services include:

Launchtime™ VPS servers.

RimuHosting™ Dedicated servers.

Pingability™ Website monitoring service.

Woop! Host™ Managed Wordpress hosting.

Bakop™ Remote storage account service.

Zonomi™ DNS hosting service.

25 Mail St.™ Managed email hosting.

© RimuHosting Ltd 2002-2024. Rimuhosting, Launchtime and the Rimuhosting logo are RimuHosting™ trademarks.