What is the Shellshock Bash Vulnerability?

Shellshock is a recently discovered vulnerability that allows attackers to execute code on a system and set environment variables. The variables could be used to execute other more powerful commands.

What is Bash?

Bash stands for Bourne Again Shell. Bash was first released in 1989, the bug was introduced in version 1.14 and has been in place till version 4.3. This makes the vulnerability over 20 years old.

How do I know if my system is vulnerable to Shellshock?

To verify if your system is vulnerable, first you need to be running Bash. If you have Bash installed, executing the following command will output if you are vulnerable or not.

If your system is vulnerable the following result will be displayed on your screen:

If you got the message displayed above you will need to update your Bash installation.

If your system is not vulnerable to Shellshock then the following will be output to your screen:

How to patch my machines against Shellshock?

Patching against Shellshock is as easy as updating Bash on the machine. Below are the commands for updating the various Linux operating systems:

Centos, Fedora, or Red Hat

 Debian or Ubuntu