Bash Code Injection Vulnerability (aka Shellshock)

Posted on October 3, 2014 by Dominic

Recently there has been the new vulnerability on bash in unix system allowing unauthenticated access to applications and services to atackers. Following are quick steps as displayed on Red hat support portal to identify whether your RHEL/CentOS is vulnerable or not.

Go to command prompt then type the following command:

env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"

If you see in the result some word like “vulnerable” then you need to update your bash to the latest or rater patched version.

To be on the safer side please keep your bash updated with latest fixes

yum update bash

Further Reading:

https://access.redhat.com/articles/1200223?sc_cid=70160000000e8eaAAA

http://www.itnews.com/exploits-vulnerabilities/84263/six-key-defenses-against-shellshock-attacks?source=ITNEWSNLE_nlt_itndaily_2014-09-30

About Dominic

J for JAVA more about me : http://about.me/dominicdsouza

View all posts by Dominic →

This entry was posted in Thechy Stuff and tagged Shellshock. Bookmark the permalink.

Leave a Reply Cancel reply

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this:

	Andry on Ftplet – Servlet for Apa…
	Viktor on [Java FX 2] Stage with rounded…
	Other World on [Docker for Windows] Certifica…
	Marek on [Java FX 2] Stage with rounded…
	arpan on [Docker for Windows] Certifica…