ShellShock,CVE-2014-6271
ShellShock or CVE-2014-6271
Test If You Have The Bug
test@srv-test:$ env x='() { :;}; echo vulnerable’ bash -c “echo this is a test” env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”
Positive Result
vulnerable
this is a testNegative Result
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test
vulnerable
this is a testNegative Result
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’
this is a test
Examples Command
RHEL: #yum clean all && yum update bash
On my older RHEL 5 box: # rpm -Uvh bash-3.2-33.el5.1.i386.rpm
CentOS: #yum clean all && yum update bash
Ubuntu: $update-manager -or- $sudo apt-get update