PrestaSOO Posted September 25, 2014 (edited)

Well, a few months ago we had Heartbleed, and today we have a new problem: a remotely exploitable vulnerability has been discovered in bash on Linux, and it is unpleasant. This affects Debian as well as other Linux distributions. You will need to patch ASAP.

If you're running your PrestaShop store on a hosting service, maybe your hosting will be fixed automatically by your hosting provider (and you should hope they do that as soon as possible). But what if you have a server? If you're using PrestaShop for your business (seriously), I know you need (and maybe you have) a server for your business. Red Hat, CentOS, Ubuntu... hmm, something like that.

An attacker could inject and subsequently execute arbitrary shell commands in applications or services that call bash. The major attack vectors that have been identified in this case are HTTP requests and CGI scripts. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue.

Fix it now. Update your server and then update your bash:

$ apt-get --only-upgrade install bash

So easy, huh? If you have any problems, PM me, or visit PrestaSOO's Blog.

Edited September 25, 2014 by DeJour

vekia Posted September 25, 2014

It's not enough:

env X='() { (a)=>\' sh -c "echo date"; cat echo

and patch means nothing
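
The check from the reply above, wrapped so it can be run safely on your own server (an added example, not part of either post). It assumes `mktemp` is available; `check_shell` is a hypothetical helper name. It tests `bash` by name as well as `sh`, because on Debian and Ubuntu `sh` is dash by default, so the command as quoted may never reach bash there.

```shell
#!/bin/sh
# Added example (not from the thread). check_shell is a hypothetical helper.
# It runs the test string quoted in the reply against one shell binary inside
# a throwaway directory and reports whether the stray file "echo" appeared.
check_shell() {
    shell_bin=$1

    if ! command -v "$shell_bin" >/dev/null 2>&1; then
        echo "missing"
        return 0
    fi

    workdir=$(mktemp -d) || { echo "error"; return 0; }

    # The subshell keeps the caller's working directory unchanged.
    # An affected bash mis-parses the value of X, keeps ">\" in its input
    # buffer, and then treats "echo date" as: run date, redirect to ./echo.
    (
        cd "$workdir" || exit 0
        env X='() { (a)=>\' "$shell_bin" -c "echo date" >/dev/null 2>&1
    ) || true

    if [ -e "$workdir/echo" ]; then
        result="vulnerable"
    else
        result="ok"   # only means this particular test did not trigger
    fi

    rm -rf "$workdir"
    echo "$result"
}

# Report on both names, since "sh" is not always bash.
for s in bash sh; do
    printf '%s: %s\n' "$s" "$(check_shell "$s")"
done
```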