Thursday, 25 September 2014

(bash vulnerability) Bash software bug could be bigger threat than Heartbleed, experts warn

Secure your Linux , apple pc, servers
Try the vulnerability test (in Terminal): 

$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'
if you are vulnerable, you get back:
vulnerable
hello
if get it "vulnerable" please immediate update bash shell at linux.

for Centos\RHEL linux :
yum update bash

For ubuntu :

apt-get update aptapt-get install --only-upgrade bash or
mkdir srccd srcwget http://ftp.gnu.org/gnu/bash/bash-4.3.tar.gz
#download all patchesfor i in $(seq -f "%03g" 0 25); do wget http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-$i; donetar zxvf bash-4.3.tar.gz cd bashcd bash-4.3#apply all patchesfor i in $(seq -f "%03g" 0 25);do patch -p0 < ../bash43-$i; done#build and install./configure && make && make install cd
cd .. cd
cd ..rm -r src
Verify patch
export VULNCHECK='() { :; }; echo You are still vulnerable'; bash
You are still vulnerable


You can see if you’re vulnerable by running the following command:
In a vulnerable environment, it’ll say:

And again check vulnerability if look like its fine.
or
$ env X="() { :;} ; echo busted" /bin/sh -c "echo hello"
hello
 or
otherwise you get:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello

Reset Grace Period of Windows Server 2012 RDS

Error: the remote session was disconnected because there are no remote desktop license servers available to provide license in aws Solu...