Check your Bash version
$ bash --version
GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)
Copyright (C) 2007 Free Software Foundation, Inc.
Run this following commend on your terminal to find whether your system is vulnerable
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If your system infected by Shellshock you will see the following result.
vulnerable
this is a test
What is the good result?
You don't want worry about Shellshock bug if you see the bellow result in your system
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
For Fedora, RHEL, CentOS
$yum update bash -y
To fix bash on your mac
Update brew
$brew update
Install bash with
$brew install bash
Now add /usr/local/bin/bash to /etc/shells
I have tested this on my Mac and updated to bash 4.3.25.
seems I am safe. :)
My bash doesn't give the warning and error, but neither does it say "vulnerable":
ReplyDelete# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
this is a test
# bash --version
GNU bash, version 4.2.47(1)-release (x86_64-suse-linux-gnu)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
#
I suppose this is a "good" result?