Bash Bug

Patch Bash NOW, Linux, UNIX, Mac OS X Bash Shellshock Code Injection Vulnerability

One critical security hole exist in Unix/Linux based system just got uncovered today. Bash is a Unix shell written by Brian Fox for the GNU Project as a free software replacement for the Bourne shell (sh). A security bug in Bash, could create a bigger threat to computer users than the "Heartbleed" bug in OpenSSL. For many Unix or Linux personal computer, this might not be a really big issue. For Unix or Linux based Web servers, it's a critical problem. Most of the servers are using Linux system.

"Shellshock" Bug detail: CVE-2014-6271 remote code execution through bash which allows unauthorized disclosure of information, unauthorized modification, and allows disruption of service. Vulnerability mostly is exploitable over the network. HTTP requests to CGI scripts have been identified as the major attack vector so far.

How to fix/patch Bash?


apt-get update && sudo apt-get upgrade

or if you just want to update bash:

apt-get update && sudo apt-get install --only-upgrade bash


yum update

or if you just want to update bash:

yum update bash 

Mac OS

For Mac OS users, Apple says most Mac users are safe from 'Shellshock' Bash bug.

"With OS X, systems are safe by default and not exposed to remote exploits of bash unless users configure advanced Unix services." -Apple said

Apple released OS X bash Update 1.0 for OS X Lion v10.7.5, OS X Lion Server v10.7.5, OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5 on Sept 29 to patch "Shellshock" Bash bug in OS X. This is the latest patch from Apple, however, some security researchers found out that fix is incomplete. If you are a Mac users with advanced Unix services set up, check out Apple's security updates list regularly for further fix.

Download OS X bash Update 1.0 for Mavericks
Download OS X bash Update 1.0 for Mountain Lion
Download OS X bash Update 1.0 for Lion.

If you're running bash from Homebrew you can get a patched version by running:

brew update
brew upgrade bash

If you're running bash from MacPorts:

sudo port self update
sudo port upgrade bash

Leave a Reply

Your email address will not be published. Required fields are marked *