Security – The BASH Bug Gives Us Shellshock

Oh dear…here we go again. And this one is a biggie! (If you only use Windows systems and servers, then you are probably not vulnerable to this. You can sit back and watch all us Linux/UNIX people squirm…which you don’t get to do very often!!)

A vulnerability has been found in the BASH shell, which runs on most Linux/UNIX systems. And when I say most, I mean LOTS of systems. Known as Shellshock, some believe this will end up being worse than Heartbleed. And that’s saying a lot. To stay up to date on this issue I would recommend several things…

Visit SANS Internet Storm Center at:   They have a number of detailed articles concerning Shellshock and mitigation procedures.

I would also visit the main websites of whatever flavor Linux distro you are using, such as They will also have updated information for mitigation and testing.

For an example, I use CentOS on several systems. Patching them was rather simple…just run “yum update bash”…

BASH update example on CentOS

BASH update example on CentOS

Note: Further testing has revealed that the initial patches have not completely solved the problem, although they have helped. Don’t just run this quick update and think you are done. Stay updated on this issue as noted above…network security is a constant vigil.