Follow

How to remediate your on premise server against 'Shellshock'

How to test if you are effected by the "Bashbug" or "Shellshock" vulnerability

To test if your on-premise deployment is vulnerable to the bash vulnerability run the following command in a 
console:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

 

If your system is vulnerable you will see the following output:

 

vulnerable hello

 

If your system is not vulnerable you will see the following output:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello

 

How to remediate your deployment

 

The remediation will depend on which version of the Ubuntu Operating system you are running. To check which version you are running type the following in to your command line:

lsb_release -a

 

Updating Ubuntu 12.04

For VisibleThread VM's running Ubuntu 12.04, the easiest way to apply the upgrade path is to run the in-built Ubuntu package upgrader. Note this will only work if your VisibleThread VM has access to the Ubuntu update repositories on the internet.

To update directly from the Ubuntu repositories run the following:

 

sudo apt-get update && sudo apt-get install bash

 

dpkg -s bash | grep Version

 

This should output 'Version: 4.2-2ubuntu2.3' . Your system has now been patched.

 

If your VisibleThread VM does not have access to the Ubuntu update repositories on the internet you can upload and deploy the required packages manually.

Attached to this post are three patch files, 'bash_4.2-2ubuntu2.3_amd64.deb', 'bash-builtins_4.2-2ubuntu2.3_amd64.deb' and 'bash-static_4.2-2ubuntu2.3_amd64.deb'

 

Upload these files to your VisibleThread appliance via SSH (Secure Shell) using port 22. The easiest way to do this is to use on of a number of freely available tools such as FileZilla (http://filezillaproject.org/) or WinSCP (http://www.winscp.net).

Connect to your Virtual Appliance using the following details:

- IP Address: The IP Address of your Virtual Appliance

- username: visiblethread

- Password: password (unless changed after deployment)

- Port: 22

 

Now upload the patch files to:

 

/home/visiblethread

 

Next, log on to the VisibleThread appliance console and execute the following commands:

  

sudo dpkg -i bash_4.2-2ubuntu2.3_amd64.deb bash-builtins_4.2-2ubuntu2.3_amd64.deb bash-static_4.2-2ubuntu2.3_amd64.deb


dpkg -s bash | grep Version

 

 This should output 'Version: 4.2-2ubuntu2.3' . Your system has now been patched.

 

Updating older VisibleThread VM versions

For older VisibleThread VM's running a previous Ubuntu OS, there is no pre-built package available. For details on how to patch these VM's contact our support team at support@visiblethread.com

 

 If you have any questions or would like to talk please contact us : support@visiblethread.com

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Article is closed for comments.