There’s been a report of a new code injection attack in Linux, using environment variables. In order to test to see if your system is vulnerable, run the following code from SSH:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If your OK, you should get something like this:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
If not, you will get something like this:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
If vulnerable, it’s recommended to patch the BASH installation.