Announcement - Bash Vulnerability Notice

Dear Valued Customers,

* * * All Operating Systems / Services that are utilizing Bash shell will be affected ***
 
Announcement details :
A vulnerability that is affecting all versions of bash package has caught our attention. This vulnerability CVE-2014-6271 could allow for arbitrary code execution. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.
 
To test if your version of Bash is vulnerable to this issue, run the following command:
 
$ env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
If the output of the above command looks as follows:
 
vulnerable
this is a test
you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:
 
$ env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
In order to apply the patch (on a Red Hat Enterprise Linux), you may execute below command
 
yum update bash
 
We suggest to reboot the server after the update as well.
 
For other operating systems and services, we will try our best to suggest you the fix, or you could talk to your product vendors for more information.
 
Should you have any difficulties, please do not hesitate to contact our 24x7 technical support team (Department: Tech Support (24x7) - Server / Co-location / VPS) by submitting a ticket at https://support.exabytes.com.my/Main/frmNewTicket.aspx .
 
 
Best Regards,
 
  
Support Team
......................................
Technical Support Department