ShellShock – CVE-2014-6271 and CVE-2014-7169 Bash Vulnerability

If you are running a *nix machine, personal or in a server capacity, in all probability your system is affected by the vulnerability that's been reported. I just ran a check on my boxlet running Ubuntu 12.4 LTS and yes, it was indeed vulnerable. This quick note covers identifying and fixing the ShellShock Bash Vulnerability.

At this point there seem to be incomplete fixes available and we’d have to wait to see more development on this. Keep a close watch on your favorite distro’s security updates and ensure your boxlet is patched.

How to check if your *nix boxlet is vulnerable to the ShellShock Bash Vulnerability?

Open a terminal and copy and paste this command:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If your boxlet is not vulnerable, you should get the following message as response:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello

If your boxlet is indeed vulnerable, which it most likely is, you should get the following message as response:

vulnerable
hello
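
To check more than one bash binary, or to run the test from a script, the manual check above can be wrapped in a few functions. This is an added example, not part of the original post; it covers only the probe shown here, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: scripted form of the manual check above.
# Function names (classify_output, check_bash, check_all) are illustrative.

# classify_output TEXT -> prints "vulnerable" or "not-vulnerable".
# A vulnerable bash runs the command that trails the function body, so the
# marker shows up on a line of its own. A fixed bash prints at most warning
# lines plus "hello", and the marker line is absent.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    else
        echo not-vulnerable
    fi
}

# check_bash PATH -> runs the probe from this page against one binary.
check_bash() {
    if [ ! -x "$1" ]; then
        echo error
        return 0
    fi
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo hello' 2>&1)
    classify_output "$out"
}

# check_all -> tests every bash listed in /etc/shells plus the one on PATH.
# Returns 1 if any of them is vulnerable.
check_all() {
    rc=0
    candidates=$( { grep -E '/bash$' /etc/shells 2>/dev/null; command -v bash; } | sort -u)
    for b in $candidates; do
        result=$(check_bash "$b")
        printf '%s: %s\n' "$b" "$result"
        [ "$result" = vulnerable ] && rc=1
    done
    return $rc
}

check_all || echo "at least one bash binary still needs the update"
```

Run it again after updating to confirm that every listed binary reports not-vulnerable.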

How to fix the ShellShock Bash Vulnerability?

Now to the fix. It's pretty much nothing but an update. To apply it, type the following in the terminal:

sudo apt-get update && sudo apt-get install bash

Here's what happens: “sudo apt-get update” makes sure that you have the latest package list, which should include the fixed version of bash, and “sudo apt-get install bash” installs the latest, fixed version of bash.

With that, you should be patched for the ShellShock Bash Vulnerability.

However, there is no certainty, so keep a close watch on security sites for further developments and fixes as they evolve.

Keep safe and Keep Peace!