Everything You Need To Know About The Shellshock Bash Exploit

What is the Shellshock exploit?

As you may know, a critical Bash vulnerability has been recently discovered, being referred by some as “Shellshock”.

Via this exploit, attackers can gain control of systems remote and execute malicious code. Technically, the systems that allow SSH access from remote connections or web servers that run server site scripting are in danger.

Attackers are able to launch malicious code on the server, locally or via OpenSSH by sending infected web request by setting headers in a web request, or by setting weird mime types.

This shellshock vulnerability (CVE-2014-6271) has been these starting with GNU Bash 1.14 to GNU Bash 4.3 and is not new at all, being there for over 22 years now.

How to test if your bash version is vulnerable:

This Bash critical issue has been discovered by the Red Hat developers, who have also posted a test command for you to see if your bash at risk or not. Open a terminal and launch the below command:

$ env x='() { :;}; echo vulnerable' bash -c "system"

If your system is vulnerable, you will get an output like this:



Everything You Need To Know About The Shellshock Bash Exploit

A healthy bath will display the below output:

$ env x='() { :;}; echo vulnerable' bash -c "echo system" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test


Everything You Need To Know About The Shellshock Bash Exploit

What systems are vulnerable?

All Unix and Linux based systems with SSH access used on both desktop and mobile phones are at risk. While Apple, Ubuntu, RedHat, CentOS and Debian have implemented only a partial fix, so systems are still vulnerable (CVE-2014-7169).

Despite the fact that there is no official patch yet, we can install a new version of bash that is not vulnerable.

Still, an update patch will be added soon, so it is vital to keep your systems up to date.

For Ubuntu, Debian and derivatives:

$ sudo apt-get update
$ sudo apt-get upgrade

For Fedora and CentOS:

$ sudo yum update bash

Liked it? Take a second to support Geekster on Patreon!
Tagged with: , , , , , , , ,
Posted in The Linux and Unix Articles!

Leave a Reply

Your email address will not be published. Required fields are marked *


Support LinuxG via Patreon
Support LinuxG.net on Patreon!


Subscribe to get the latest Linux news and how to guides directly on your e-mail!