After the Heartbleed bug new critical remotely exploitable vulnerability has been discovered in the Linux and Unix command-line shell script Bourne Again Shell, known as Bash.
How it works?
Basically if you are using an outdated bash version on your server, an attacker can create environment variables with specially-crafted values before calling the bash shell. These variables can contain code, which gets executed as soon as the shell is invoked.
Who is affected by the bug?
The bash bug vulnerability a.k.a.”CVE-2014-6271″ affects all Bash versions from 1.14 through 4.3. Which in other words means that it affect millions of systems as bash is a common shell widely used for system management and executing commands on server level.
How to protect yourself?
The bug can be easily fixed by updating your bash script to the latest available version of “bash-4.1.2-15.el6_5.1”. You can easily do that by executing the following commands on your server:
# yum update bash
When the Bash script is updated to the latest available version your system would be protected from the bug.
Where to find more information?
If you are TMDHosting client there is nothing to worry about. All of our servers are already patched in day zero against the bash bug.
As usual we will be following the topic and, in case there any further important updates, we will continue to inform you with all the latest details.