Major Bash Vulnerability Fixed on All Servers

bash

A major security flaw was discovered in the most popular shell (Bash) which is used by default in many Linux and Unix distributions. A shell is a program that takes your commands (accessing folders, listing files, etc.) that you type and sends them to the operating system to be executed. The Bash vulnerability, also known as Shellshock, allows attackers to issue arbitrary commands via crafted environment variables.

The bad thing about this specific vulnerability is that it is fairly easy to craft such a request and attack a server. In addition, the vulnerability affects all types of devices and not only web servers - routers, some mobile devices, Linux computers and even Mac OS X devices are also affected. There is a simple test that will show you if you’re vulnerable. Just run the following command within your shell:

env X="() { :;} ; echo BUSTED" /bin/sh -c "echo test"

If you see the word “BUSTED” echoed back then your Bash version is vulnerable and you have to update.

Now that you’re scared it’s time for the good news. All SiteGround servers were patched in less than 24 hours the vulnerability was announced. In addition, our unique server setup including the special chroot isolation has made it highly unlikely for any attacker to have been able to utilize this vulnerability and gain access to sensitive information even before the patch.

If you have an account on our servers you don’t need to do anything because we’ve got you covered. However, please remember that this vulnerability also affects other devices and not only web servers. If you’re using Linux as your operating system you need to update Bash to the latest available stable version just to make sure that you’re not at risk.

Enterprise Cloud Solutions Architect

My challenging job is closely related to all kinds of Free and Open-Source Software products (some of my favorites are WordPress, Joomla!, Magento, Varnish and Apache mod_security). As a Web security and performance freak I am always hyper focused on solving all kinds of issues and improving our services.

6 Comments

  1. Reply September 25, 2014 / 17:40 NickSiteGround Team

    Thank you, SiteGround! Glad you're on top of things.

  2. Reply September 25, 2014 / 23:10 JohanSiteGround Team

    Thanks siteground. Happy to hear you're very reactive

  3. Reply September 26, 2014 / 04:44 AndreasSiteGround Team

    Excellent! This is why SiteGround rocks.

  4. Reply September 26, 2014 / 12:41 AdamSiteGround Team

    I red about this bash, came here to check for any info and it's all fixed already. Wow! That's why SiteGround is THE BEST and that's why (among many other great things siteground offers) I switched from 1and1 where I hosted my websites for the past 12 years.
    Thanks Guys and Girls ! 🙂

    Adam

  5. Reply September 29, 2014 / 14:07 AnnaSiteGround Team

    Great job as always.

  6. Reply October 13, 2014 / 04:15 RuelSiteGround Team

    thanks siteground.. great job

Reply to Adam Cancel

* (Required)