Select Page

CVE-2014-6217 patch

Resolving Bash vulnerability in cPanel/WHM servers : How to fix CVE-2014-6217 Bash “Shell Shock” vulnerability

[UPDATE 1st Oct] – More vulnerabilities were reported since this post was originally written on Sep 26th. See the notes at the bottom.

Highly critical Bash code injection vulnerability CVE-2014-6217 was declared on 24th Sep, and a patch is now available for cPanel/WHM servers.

If you have a cPanel/WHM server, it has Bash, and if you haven’t expressly patched it, assume that your server is vulnerable. cPanel/WHM servers are typically enabled with CGI modules, and they could allow commands to be passed on to Bash, thus opening the gates to hackers. (more…)