Major Bash Vulnerability Fixed on All Servers

bash

A major security flaw was discovered in the most popular shell (Bash) which is used by default in many Linux and Unix distributions. A shell is a program that takes your commands (accessing folders, listing files, etc.) that you type and sends them to the operating system to be executed. The Bash vulnerability, also known as Shellshock, allows attackers to issue arbitrary commands via crafted environment variables.

The bad thing about this specific vulnerability is that it is fairly easy to craft such a request and attack a server. In addition, the vulnerability affects all types of devices and not only web servers – routers, some mobile devices, Linux computers and even Mac OS X devices are also affected. There is a simple test that will show you if you’re vulnerable. Just run the following command within your shell:

env X="() { :;} ; echo BUSTED" /bin/sh -c "echo test"

If you see the word “BUSTED” echoed back then your Bash version is vulnerable and you have to update.

Now that you’re scared it’s time for the good news. All SiteGround servers were patched in less than 24 hours the vulnerability was announced. In addition, our unique server setup including the special chroot isolation has made it highly unlikely for any attacker to have been able to utilize this vulnerability and gain access to sensitive information even before the patch.

If you have an account on our servers you don’t need to do anything because we’ve got you covered. However, please remember that this vulnerability also affects other devices and not only web servers. If you’re using Linux as your operating system you need to update Bash to the latest available stable version just to make sure that you’re not at risk.

Daniel Kanchev

Product and Technology Lead

Daniel is responsible for bringing new products to life at SiteGround. This involves handling all types of tasks and communication across multiple teams. Enthusiastic about technology, user experience, security and performance, you can never be bored hanging around him. Also an occasional conference speaker and travel addict.

Comments ( 6 )

author avatar

Nick

Sep 25, 2014

Thank you, SiteGround! Glad you're on top of things.

Reply
author avatar

Johan

Sep 26, 2014

Thanks siteground. Happy to hear you're very reactive

Reply
author avatar

Andreas

Sep 26, 2014

Excellent! This is why SiteGround rocks.

Reply
author avatar

Adam

Sep 26, 2014

I red about this bash, came here to check for any info and it's all fixed already. Wow! That's why SiteGround is THE BEST and that's why (among many other great things siteground offers) I switched from 1and1 where I hosted my websites for the past 12 years. Thanks Guys and Girls ! :) Adam

Reply
author avatar

Anna

Sep 29, 2014

Great job as always.

Reply
author avatar

Ruel

Oct 13, 2014

thanks siteground.. great job

Reply

Start discussion

Related Posts