Flash Notes

Security - Vulnerability of bash to the shellshock bug


• How to see if bash is vulnerable to the shellshock bug ?

Solution

$ env x='() { :;}; echo vulnerable' bash -c true

Example 1

$ bash --version | grep release
GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu)
$ env x='() { :;}; echo vulnerable' bash -c true 
$ 

Example 2

$ bash --version | grep release
 GNU bash, version 4.1.5(1)-release (x86_64-pc-linux-gnu)
 $ env x='() { :;}; echo vulnerable' bash -c true
 vulnerable
 $