Friday, September 26, 2014

Quick guide to fix your Fedora/RHEL/CentOS and Mac from the Shellshock bash exploit

Check your Bash version

$ bash --version
GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)

Copyright (C) 2007 Free Software Foundation, Inc.

Run the following command in your terminal to find out whether your system is vulnerable

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If your system is vulnerable to Shellshock, you will see the following result.

vulnerable
this is a test

What is the good result?
You don't need to worry about the Shellshock bug if you see the result below on your system

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

this is a test
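The check above as a script that reduces the output to one word per bash binary, so it can be run over several hosts or over both the system and Homebrew copies of bash on a Mac. This is an added example, not part of the original post; the function names and result labels are made up for illustration, the sample outputs are constructed from the cases shown on this page, and it covers only this one test.

```shell
#!/bin/sh
# Added example: classify the result of the post's Shellshock test.
# Function names and result labels are hypothetical, chosen for this sketch.

# Classify the captured stdout+stderr of the test command.
classify_shellshock_output() {
    out=$1
    # The injected "echo vulnerable" ran: a line that is exactly "vulnerable".
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        echo vulnerable
    # The payload did not run, but the intended command did.
    elif printf '%s\n' "$out" | grep -qx 'this is a test'; then
        if printf '%s\n' "$out" | grep -q 'ignoring function definition attempt'; then
            echo not-vulnerable-warned
        else
            echo not-vulnerable-silent
        fi
    else
        # bash missing, not executable, or some other failure.
        echo unknown
    fi
}

# Run the post's test against one bash binary (default: first bash in PATH).
check_bash() {
    bash_bin=${1:-bash}
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>&1)
    classify_shellshock_output "$out"
}

# Constructed sample outputs for the three cases that appear on this page.
SAMPLE_VULNERABLE='vulnerable
this is a test'
SAMPLE_WARNED="bash: warning: x: ignoring function definition attempt
bash: error importing function definition for \`x'
this is a test"
SAMPLE_SILENT='this is a test'

# A Mac can have two copies: the system /bin/bash and Homebrew's.
for b in /bin/bash /usr/local/bin/bash; do
    if [ -x "$b" ]; then
        printf '%s: %s\n' "$b" "$(check_bash "$b")"
    fi
done
```

Checking each path separately matters on a Mac because installing bash with brew adds /usr/local/bin/bash and leaves /bin/bash in place.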

For Fedora, RHEL, CentOS

$ yum update bash -y

To fix bash on your Mac

Update brew
$ brew update

Install bash with
$ brew install bash

Now add /usr/local/bin/bash to /etc/shells

I have tested this on my Mac and updated to bash 4.3.25.
Seems I am safe. :)

1 comment:

  1. My bash doesn't give the warning and error, but neither does it say "vulnerable":

    # env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    this is a test
    # bash --version
    GNU bash, version 4.2.47(1)-release (x86_64-suse-linux-gnu)
    Copyright (C) 2011 Free Software Foundation, Inc.
    License GPLv3+: GNU GPL version 3 or later

    This is free software; you are free to change and redistribute it.
    There is NO WARRANTY, to the extent permitted by law.

    I suppose this is a "good" result?