Remote Vulnerability in BASH

There’s been a report of a new code injection attack in Linux, using environment variables. In order to test to see if your system is vulnerable, run the following code from SSH:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If your OK, you should get something like this:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

If not, you will get something like this:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

BASH Screenshot

If vulnerable, it’s recommended to patch the BASH installation.

Further Information

Leave a Reply