{"id":1016,"date":"2014-09-26T14:22:49","date_gmt":"2014-09-26T18:22:49","guid":{"rendered":"https:\/\/www.lilithebowman.com\/blog\/?p=1016"},"modified":"2014-09-26T14:22:49","modified_gmt":"2014-09-26T18:22:49","slug":"test-for-shellshock-cve-2014-6271-bash-vulnerability","status":"publish","type":"post","link":"https:\/\/www.lilithebowman.com\/blog\/2014\/09\/test-for-shellshock-cve-2014-6271-bash-vulnerability\/","title":{"rendered":"Test for Shellshock (CVE-2014-6271) bash vulnerability"},"content":{"rendered":"<p><code>eanbowman@eanbowman:~$ env x='() { :;}; echo vulnerable' bash -c \"echo this is a test\"<br \/>\nbash: warning: x: ignoring function definition attempt<br \/>\nbash: error importing function definition for `x'<br \/>\nthis is a test<br \/>\neanbowman@eanbowman:~$<br \/>\n<\/code><\/p>\n<p>That&#8217;s what a patched bash shell should look like. To test your own, open up a console and type:<\/p>\n<p><code>env x='() { :;}; echo vulnerable' bash -c \"echo this is a test\"<br \/>\n<\/code><\/p>\n<p>If you see the line &#8220;vulnerable&#8221; returned, the trailing echo after the function definition is being run and your bash shell is vulnerable.<\/p>\n<p>An update to bash is already available for most major distributions:<\/p>\n<ol>\n<li><a href=\"http:\/\/support.novell.com\/security\/cve\/CVE-2014-6271.html\">Novell\/SUSE<\/a><\/li>\n<li><a href=\"https:\/\/www.debian.org\/security\/2014\/dsa-3032\">Debian<\/a><\/li>\n<li><a href=\"http:\/\/www.ubuntu.com\/usn\/usn-2362-1\/\">Ubuntu<\/a><\/li>\n<li><a href=\"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=CVE-2014-6271\">Red Hat\/Fedora<\/a><\/li>\n<li><a href=\"http:\/\/advisories.mageia.org\/MGASA-2014-0388.html\">Mageia<\/a><\/li>\n<li><a href=\"http:\/\/centosnow.blogspot.com\/2014\/09\/critical-bash-updates-for-centos-5.html\">CentOS<\/a><\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>eanbowman@eanbowman:~$ env x='() { :;}; echo vulnerable&#8217; bash -c &#8220;echo this 
is a test&#8221; bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x&#8217; this is a test eanbowman@eanbowman:~$ That&#8217;s what a patched bash shell should look like. To test your own, open up a console and type: env x='() { [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-1016","post","type-post","status-publish","format-standard","hentry","category-daily-musings"],"_links":{"self":[{"href":"https:\/\/www.lilithebowman.com\/blog\/wp-json\/wp\/v2\/posts\/1016","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.lilithebowman.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lilithebowman.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lilithebowman.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lilithebowman.com\/blog\/wp-json\/wp\/v2\/comments?post=1016"}],"version-history":[{"count":2,"href":"https:\/\/www.lilithebowman.com\/blog\/wp-json\/wp\/v2\/posts\/1016\/revisions"}],"predecessor-version":[{"id":1019,"href":"https:\/\/www.lilithebowman.com\/blog\/wp-json\/wp\/v2\/posts\/1016\/revisions\/1019"}],"wp:attachment":[{"href":"https:\/\/www.lilithebowman.com\/blog\/wp-json\/wp\/v2\/media?parent=1016"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lilithebowman.com\/blog\/wp-json\/wp\/v2\/categories?post=1016"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lilithebowman.com\/blog\/wp-json\/wp\/v2\/tags?post=1016"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}