Bash Bug or “Shellshock” is a vulnerability found in the GNU Bourne Again Shell (Bash). Bash is a command line interpreter used by many distributions of Linux, UNIX, and MAC OS X as well as many different “appliances” such as routers, IP Cameras, etc… Let’s get right down to business and figure out how we can check our version of bash to see if it vulnerable.

Open a shell and run the following command:

env x='() { :;}; echo Your Bash Version is Vulnerable' bash -c "echo Testing..."

If the command returns the following you are vulnerable and should patch your system as soon as possible.

Your Bash Version is Vulnerable

If the command returns something similar to below, then you are already patched against this vulnerability.

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

To test against the file creation issue, (CVE-2014-7169) which is the second part of this vulnerability, you can run the following command: 

cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>' bash -c "echo date"; cat /tmp/echo

If your system is vulnerable, the time and date will be displayed and a file named “echo” will be created in the /tmp directory.

Your will see the following output if your system is NOT vulnerable:

cat: /tmp/echo: No such file or directory

If you are running Red Hat, CentOS, or Fedora you can easily patch your system with the following command (All patches have been released as of 9-26-2014).

yum update bash

An unpatched version of bash on a workstation or a computer behind a firewall is fairly safe. This problem is a lot worse for people running servers available on the internet. Second, see if the distribution you are using has issued a patch. Most Linux vendors already have a patch available including Red Hat, CentOS, Ubuntu, Debian and Fedora. Apple is yet to issue a patch, but it should be available within a few days. If there is a patch available, you should install it and run the above test again.

For more in depth information about the “Bash Bug” / “Shellshock” vulnerability please see the following links.

Red Hat Blog post outlining both issues

NIST Vulnerability Summary CVE-2014-6271

NIST Vulnerability Summary CVE-2014-7169