Skip to main content

Posts

Showing posts from September, 2014

Quick guide to fix your fedora/rhel/centos and Mac from Shellshock bash exploit

Check your Bash version

$ bash --version GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)
Copyright (C) 2007 Free Software Foundation, Inc.
Run this following commend on your terminal to find whether your system is vulnerable


env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If your system infected by Shellshock you will see the following result.

vulnerable
this is a test


What is the good result? 
You don't want worry about Shellshock bug if you see the bellow result in your system


bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x'
this is a test

For Fedora, RHEL, CentOS

$yum update bash -y


To fix bash on your mac


Update brew
$brew update

Install bash with
$brew install bash

Now add  /usr/local/bin/bash to /etc/shells



I have tested this on my Mac and updated to bash 4.3.25.
seems I am safe. :)