How to test for and fix the Shellshock vulnerability

On 09/24/2014 a serious vulnerability was discovered in GNU bash. More details can be found here

Follow the steps below to see if your system is vulnerable.

How to test if you are vulnerable

Log in through SSH and run the following command:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you see this, you are vulnerable:

root@localhost [~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

If you see this, you are safe:

root@localhost [~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
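
A scripted form of the manual test above, added here as an example (it is not from the original page): it runs the same command against a chosen bash binary and decides the result from stdout only, so a patched bash that prints no warning is still reported as safe. The names classify_output, check_bash and BASH_BIN are assumptions made for this example.

```shell
#!/bin/sh
# Added example: scripted form of the manual Shellshock test on this page.
# classify_output, check_bash and BASH_BIN are hypothetical names.

# Decide from the captured stdout of the test command.
# The word "vulnerable" appears on a line of its own only when bash
# executed the code that trails the function definition in variable x.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo safe
    else
        echo unknown   # bash did not run, or the output was unexpected
    fi
}

# Run the page's test against one bash binary (default: bash from PATH).
# stderr is discarded: patched builds may or may not print the
# "ignoring function definition attempt" warning, so it is not relied on.
check_bash() {
    bin="${1:-bash}"
    out=$(env x='() { :;}; echo vulnerable' "$bin" -c "echo this is a test" 2>/dev/null) || true
    classify_output "$out"
}

# Constructed sample outputs matching the two cases shown on this page.
SAMPLE_VULNERABLE='vulnerable
this is a test'
SAMPLE_SAFE='this is a test'

echo "sample (vulnerable case): $(classify_output "$SAMPLE_VULNERABLE")"
echo "sample (safe case):       $(classify_output "$SAMPLE_SAFE")"

# Live check of the local shell; set BASH_BIN to test another binary,
# for example a bash copy inside a chroot or a CGI environment.
echo "local bash:               $(check_bash "${BASH_BIN:-bash}")"
```

An "unknown" verdict means the binary could not be executed or printed something else, and should be checked by hand.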

How to fix if you are vulnerable

You need to be running bash-4.1.2-15 with current RHEL versions.

RHEL (6 or higher):

# yum clean all && yum update bash

RHEL (older versions):

# rpm -Uvh bash-3.2-33.el5.1.i386.rpm


# yum clean all && yum update bash

$ sudo apt-get update