Flash Notes
Security - Vulnerability of bash to the shellshock bug
• How to see if bash is vulnerable to the shellshock bug ?
Solution
$ env x='() { :;}; echo vulnerable' bash -c true
Example 1
$ bash --version | grep release GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu) $ env x='() { :;}; echo vulnerable' bash -c true $
Example 2
$ bash --version | grep release GNU bash, version 4.1.5(1)-release (x86_64-pc-linux-gnu) $ env x='() { :;}; echo vulnerable' bash -c true vulnerable $