Dealing with #shellshock

by Jack Tarantino

The problem

Shellshock is an exploit in the bash shell that affects basically the entire internet. Almost every Linux-based and OSX-based server and desktop comuter is affected. Fortunately just because the bug is there doesn't mean it's reachable from the outside so it's not nearly as bad as heartbleed on a global scale but it's still pretty bad.

The solution

If you're running a plain Ubuntu server, all you need is one simple command:

sudo do-release-upgrade

If your server is already on the latest major release you can just grab the latest packages:

sudo apt-get update && sudo apt-get upgrade

That's it! You'll be asked a few questions and you'll need to restart the server at the end. Modern hardware with a good network connection should handle this in about 45 minutes.

There's a patch in the latest versions of Ubuntu, Debian and almost all major Linux distros already. As of the writing of this article there's still not a fix for OSX but it should come soon.

Notes

A super smart setup would be running with some sort of provisioning system which makes it super easy to batch update a basically unlimited number of servers.

There's a cool scanning tool you can use to see if your server is vulnerable. Check out Shellshockerto see if you can be readily hacked.