Sep 25, 2014
kalpesh

[Fix] Linux Bash Code Injection Vulnerability – ShellShock

ShellShock is new Linux vulnerability affecting all versions of Bash package. This vulnerability is worse than HeartBleed! This command line vulnerability is present in Mac OS X too. Basically it’s there in all the systems having Bash, a software used to control the command line in Unix.

To test if you are vulnerable to ShellShock, run this command:

1
env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"

If you see output:

1
2
vulnerable
this is a test

that means you are vulnerable!

Fix for Redhat packages:

1
yum update bash

Fix for Ubuntu/Debian packages:

1
apt-get upgrade bash

After running above commands, check again to see if you are vulnerable:

1
env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"

If you see below output, that means you are no longer vulnerable

1
2
3
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Leave a comment

 

Welcome to my Blog

Kalpesh MehtaHelping Magento developers in their day-to-day development problems since 2011. Most of the problems and solutions here are my own experiences while working on different projects. Enjoy the blog and don't forget to throw comments and likes/+1's/tweets on posts you like. Thanks for visiting!

Certifications