How to test for and fix the Shellshock vulnerability

On 09/24/2014 a serious vulnerability (CVE-2014-6271, known as Shellshock) was discovered in GNU bash. More details can be found here: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271

Follow the steps below to see if your system is vulnerable.

How to test if you are vulnerable

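Log in through SSH and run the following command:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

The variable x holds a function definition followed by an extra command. A vulnerable bash runs that extra command while importing the function at startup.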

If you see this, you are vulnerable:

root@localhost [~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

If you see this, you are safe:

root@localhost [~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt 
bash: error importing function definition for `x' 
this is a test 
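
The same check in script form, for running on several hosts or against more than one copy of bash. This is an added example, not part of the original article; the default paths in scan_all are assumed common install locations.

```shell
#!/bin/sh
# Added example: scripted form of the CVE-2014-6271 check shown above.

# Classify the captured stdout of the test command.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable          # the injected "echo vulnerable" ran
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo safe                # only the intended command ran
    else
        echo unknown             # shell failed to run or printed something else
    fi
}

# Run the test against one shell binary and print its status.
check_bash() {
    shell_path=$1
    [ -x "$shell_path" ] || { echo missing; return 0; }
    # Patched builds may print warnings on stderr; only stdout decides.
    out=$(env x='() { :;}; echo vulnerable' "$shell_path" -c 'echo this is a test' 2>/dev/null)
    classify_output "$out"
}

# Check every copy of bash: a locally built copy is not touched by yum/apt.
# The default paths are assumed common install locations, not from the article.
scan_all() {
    [ "$#" -gt 0 ] || set -- /bin/bash /usr/bin/bash /usr/local/bin/bash
    rc=0
    for b in "$@"; do
        [ -e "$b" ] || continue
        result=$(check_bash "$b")
        printf '%s: %s\n' "$b" "$result"
        if [ "$result" = vulnerable ]; then rc=1; fi
    done
    return "$rc"
}

scan_all "$@" || echo "At least one bash binary is vulnerable: update it." >&2
```

scan_all returns a non-zero status when any checked binary is vulnerable, so it can gate a monitoring or configuration-management run.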

How to fix if you are vulnerable

On current RHEL versions, you need to be running bash-4.1.2-15.

RHEL (6 or higher):

# yum clean all && yum update bash

RHEL (older versions):

# rpm -Uvh bash-3.2-33.el5.1.i386.rpm

CentOS:

# yum clean all && yum update bash

Ubuntu:

$ update-manager
-or-
$ sudo apt-get update && sudo apt-get install --only-upgrade bash