Sunday, September 28, 2014

Patching bash for shellshock

Previous: Installing VMware Player 5.0

The following script is provided on the Redhat security blog to check whether your system is vulnerable to the shellshock exploit:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the system is vulnerable, the result will be:
vulnerable
 this is a test
If the system is not vulnerable, the result will be:
bash: warning: x: ignoring function definition attempt
 bash: error importing function definition for `x'
 this is a test
Bash up to 4.3 is vulnerable to exploits wherein a shell variable is set to a script and the script is evaluated. On Ubuntu, run these commands to install the patch:
sudo apt-get update
sudo apt-get install --only-upgrade bash
This worked for me on Ubuntu desktop 14.04 LTS.

Next: TBD

0 comments
Labels: ,
Subscribe to: Posts (Atom)