Shellshock (CVE-2014-6271)

Shellshock (CVE-2014-6271)

This is probably is worst than the Heartbleed vulnerability and you will need to update everything based on Bash.

To test if your Bash is vulnerable execute the following code:

$ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test'
vulnerable
this is a test
The word “vulnerable” on the second line indicates the system is vulnerable.

Output after initial patch:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
The absence of the word “vulnerable” indicates bash did not execute the “echo vulnerable” command as part of setting the environment variable x, demonstrating the vulnerability is not present.

More info soon