
Major Bash Vulnerability Fixed on All Servers

A major security flaw was discovered in Bash, the most popular shell, which is used by default in many Linux and Unix distributions. A shell is a program that takes the commands you type (accessing folders, listing files, etc.) and sends them to the operating system to be executed. The Bash vulnerability, also known as Shellshock, allows attackers to execute arbitrary commands via crafted environment variables.

What makes this vulnerability especially bad is that it is fairly easy to craft a malicious request and attack a server. In addition, the vulnerability affects all types of devices, not only web servers: routers, some mobile devices, Linux computers and even Mac OS X devices are also affected. There is a simple test that will show you whether you’re vulnerable. Just run the following command in your shell:

env X="() { :;} ; echo BUSTED" bash -c "echo test"

If you see the word “BUSTED” echoed back then your Bash version is vulnerable and you have to update.
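
The same probe can be run against every Bash-style shell a machine lists instead of a single one. The script below is an added example, not SiteGround's tooling; the names check_shell, check_all and MARKER are assumptions made here, and it assumes the shells are listed in /etc/shells.

```shell
#!/bin/sh
# Added example: run the probe above against the shells listed in /etc/shells.
# check_shell, check_all and MARKER are names chosen for this example.

MARKER="SHELLSHOCK_PROBE_$$"   # constructed marker, harmless to print

# check_shell PATH -> prints "vulnerable", "not vulnerable" or "missing"
check_shell() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 2
    fi
    # Function definition followed by a trailing command, as in the article's
    # test. A patched shell never runs the trailing command.
    output=$(env "X=() { :;} ; echo $MARKER" "$shell_path" -c "echo test" \
             </dev/null 2>/dev/null) || true
    # Require the marker alone on a line, so a program that merely prints the
    # variable's contents is not reported as vulnerable.
    if printf '%s\n' "$output" | grep -qxF "$MARKER"; then
        echo "vulnerable"
        return 1
    fi
    echo "not vulnerable"
    return 0
}

# check_all [FILE] -> one "path: result" line per sh/bash entry in FILE
check_all() {
    list=${1:-/etc/shells}
    [ -r "$list" ] || { echo "cannot read $list" >&2; return 2; }
    rc=0
    while IFS= read -r entry; do
        case "$entry" in ''|'#'*) continue ;; esac          # blanks, comments
        # Entries such as tmux or screen do not take -c the way a shell does.
        case "${entry##*/}" in sh|bash) ;; *) continue ;; esac
        result=$(check_shell "$entry") || true
        printf '%s: %s\n' "$entry" "$result"
        if [ "$result" = "vulnerable" ]; then rc=1; fi
    done < "$list"
    return "$rc"
}

# Scan only when asked to:  sh check_shells.sh --scan
if [ "${1:-}" = "--scan" ]; then check_all; fi
```

check_all returns a non-zero status when any listed shell runs the trailing command, so it can be used from a cron job or a configuration-management check.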

Now that you’re scared, it’s time for the good news. All SiteGround servers were patched less than 24 hours after the vulnerability was announced. In addition, our unique server setup, including the special chroot isolation, made it highly unlikely that any attacker could have used this vulnerability to gain access to sensitive information even before the patch.

If you have an account on our servers, you don’t need to do anything because we’ve got you covered. However, please remember that this vulnerability also affects other devices and not only web servers. If you’re using Linux as your operating system, you need to update Bash to the latest available stable version to make sure that you’re not at risk.

Daniel Kanchev: My challenging job is closely related to all kinds of Free and Open-Source Software products (some of my favorites are WordPress, Joomla!, Magento, Varnish and Apache mod_security). As a Web security and performance freak I am always hyper focused on solving all kinds of issues and improving our services.
