BASH SHELLSHOCK: Am I Still Vulnerable? - a Different Approach for Linux.

Am I Still Vulnerable? - a Different Approach for Linux.


This BASHMASH/SHELLSHOCK: AM I Vulnerable? - A Different Approach for Linux. How To Guide will show if you are at risk of the recent BashMash exploits: CVE-2014-6271 and CVE-2014-7169 .

I thought we should add a method and fix for our Linux/Bash crowd to see if they are still at risk of the recent SHELLSHOCK exploit.

You might be thinking, I got it patched already, I think? Or What is an exploit? Well if you fall somewhere in the middle of this then you may want to read on.

Today we will run the env string in question against our machine to see if it gives us unwanted output showing we still are at risk from this exploit.

As shown in OTWs guide on exploiting SHELLSHOCK .You may want to make sure you are safe from this exploit and don't let this one fall into the cracks.

Let's check now by entering this command into the terminal.
Open a terminal .

Then type:~# env VAR='() { :;}; echo Bash is EXPLOITABLE!' bash -c "echo Bash is not vulnerable"

Hit enter.

The output echo SHOULD NOT show "Bash is EXPLOITABLE!". If you see that in the output you should update BASH right now!

The Remedy

aptitude / apt-get: Debian based distros
Update Bash to the latest version available via apt-get
#sudo apt-get update && sudo apt-get install --only-upgrade bash
#apt-get update && sudo apt-get install --only-upgrade bash

yum: Red Hat based distros
Update Bash to the latest version available via the yum
#sudo yum update bash
#yum update bash

Now check your system for the vulnerability again by running the "env VAR" command in the previous section.

Pretty sure the fix for this is still incomplete but the patch does help.
Hope this helps you in some way,

### Should of put this out last week but I was away and thought someone else would have already wrote one up. ;-p

Want to start making money as a white hat hacker? Jump-start your hacking career with our 2020 Premium Ethical Hacking Certification Training Bundle from the new Null Byte Shop and get over 60 hours of training from cybersecurity professionals.

Buy Now (90% off) >

Other worthwhile deals to check out:

Join the Next Reality AR Community

Get the latest in AR — delivered straight to your inbox.


Very useful infos, thank you, it also kinda explains how ShellShock works.

Thanks CIUFFY, yes . I was wondering if anyone was gonna pick up on that. ;-P

I tried it in the comments sections of OTW's post but it's been hidden. Never mind, it was just a video, finally Null Byte has this too, thanks!

Share Your Thoughts

  • Hot
  • Latest