Shellshock (CVE-2014-6271)


This is probably worse than the Heartbleed vulnerability, and you will need to update everything based on Bash.

To test whether your Bash is vulnerable, execute the following command:

$ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
vulnerable
this is a test

The word “vulnerable” on the second line indicates the system is vulnerable.

Output after initial patch:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

The absence of the word “vulnerable” indicates bash did not execute the “echo vulnerable” command as part of setting the environment variable x, demonstrating the vulnerability is not present.
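
The same check, wrapped so it can be run against every Bash binary on a host and return an exit status for use in a patch audit. This is an added example, not part of the original post; the function names and verdict strings are assumptions, and a NOT_VULNERABLE verdict covers only the probe shown above.

```shell
#!/bin/sh
# Added example: the post's one-line probe wrapped for checking several bash binaries.
# Function names and verdict strings are assumptions of this example.

# Classify the probe's captured stdout, as the post describes:
# "vulnerable" before the test line means the injected command ran.
classify_output() {
    case "$1" in
        *vulnerable*"this is a test"*) echo VULNERABLE ;;
        *"this is a test"*)            echo NOT_VULNERABLE ;;
        *)                             echo INCONCLUSIVE ;;   # test command never ran
    esac
}

# Run the probe against one shell binary. Prints the verdict and returns
# 0 = not vulnerable, 1 = vulnerable, 2 = inconclusive.
check_bash() {
    [ -x "$1" ] || { echo INCONCLUSIVE; return 2; }
    # A patched bash prints its warnings on stderr; only stdout is classified.
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>/dev/null)
    verdict=$(classify_output "$out")
    echo "$verdict"
    case "$verdict" in
        NOT_VULNERABLE) return 0 ;;
        VULNERABLE)     return 1 ;;
        *)              return 2 ;;
    esac
}

# Check bash on PATH plus every bash listed in /etc/shells.
# Returns non-zero if any candidate is not confirmed as not vulnerable.
scan_bash_binaries() {
    rc=0
    for candidate in $( { command -v bash; grep -s '/bash$' /etc/shells; } | sort -u ); do
        printf '%s: ' "$candidate"
        check_bash "$candidate" || rc=1
    done
    return "$rc"
}

scan_bash_binaries || :
```

A host can carry more than one Bash binary (for example a package-managed copy and a locally built one), so each path is probed separately rather than only the one that `bash` resolves to.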

More info soon
