Do this before anything,
if CentOs
yum -update bash
Read these articles:
https://shellshocker.net/http://bashsmash.ccsir.org/http://www.shellshocktest.com/https://access.redhat.com/articles/1200223http://blog.sucuri.net/2014/09/bash-vulnerability-shell-shock-thousands-of-cpanel-sites-are-high-risk.html
NIX System Administrators
You’re in luck with this one, identifying if you’re vulnerable is easier than previous vulnerabilities. Log into your server and via terminal run this command:
[root@yourawesomeserver ~]# env x='() { :;}; echo vulnerable' bash -c 'echo hello'
If you are vulnerable it will return:
[root@yourawesomeserver ~]# env x='() { :;}; echo vulnerable' bash -c 'echo hello'
vulnerable
hello
To fix it will depend on your NIX distribution but you will want to reinstall or update, which ever you prefer:
#sudo apt-get install bash
- or -
#sudo yum update bash
Once complete, rerun the test and you will get:
[root@yourawesomeserver ~]# env x='() { :;}; echo vulnerable' bash -c 'echo hello'
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello
I patched our server, so we're safe, but you better go patch your systems NOW!