Site icon Web Niraj

New Vulnerability Found in Bash and How to Test

A critical vulnerability has been found in Bash, which affects almost all Linux/Unix distributions that use or have it installed. Luckily, there is a easy way to test to see if your version is vulnerable using a command line. Depending on your version of Linux, a patch may already be available and ready to install. Others way take a few days to issue a fix for your system.

For more information, see the following notice:

CVE-2014-6271, Bash Code Injection Vulnerability via Specially Crafted Environment Variables.

Testing for vulnerability

To test if your version of Bash is vulnerable to this issue, run the following command:

See the gist on github.

If you see the following output, your version is vulnerable and should be patched immediately:

If you see the following, your version is safe and unaffected:

Patching

To update your version of bash, you can use one of the following commands:

See the gist on github.

I’ve found that even the Mac OS X version of bash is vulnerable and needs to be patched. For this, you’ll need to wait for Apple to issue an update for the OS itself.


UPDATE:

Apple has released a downloadable patch to update Bash on Mac OS X Mavericks (v10.9.5). The patch is also available for older versions of Mac OS X including OS X Lion v10.7.5, OS X Lion Server v10.7.5, and OS X Mountain Lion v10.8.5.

Exit mobile version