Thursday, September 25, 2014

How to identify if your bash shell is vulnerable to the Bash Code Injection Vulnerability (CVE-2014-6271, CVE-2014-7169)

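This new vulnerability in bash is spreading quickly over the Internet, just like Heartbleed. How do you know if your bash version is vulnerable? Run the test command for your OS: if the output includes the word "vulnerable" in addition to "this is a test", your bash is affected.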
For Linux:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
For Solaris 10:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
For Solaris 11:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

The solution is, of course, to patch or update to the latest version of bash. Check your OS for updates now.
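A host can carry more than one bash binary (for example, one shipped by the OS and one installed separately), and the test command above only exercises the first one on PATH. The script below is an added example, not part of the original post: it runs the same test against every bash found in the PATH directories and in /etc/shells. The function names are hypothetical, and it assumes binary paths contain no whitespace.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Classify the stdout captured from the page's test command.
classify_output() {
    case "$1" in
        *vulnerable*)       echo vulnerable ;;      # injected echo ran during import
        *"this is a test"*) echo not-vulnerable ;;  # only the intended command ran
        *)                  echo inconclusive ;;    # binary failed or printed nothing
    esac
}

# Run the page's test against one bash binary (path in $1).
# stderr is dropped because patched versions may print warnings there.
check_bash() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>/dev/null) || true
    classify_output "$out"
}

# List candidate bash binaries: every PATH directory plus /etc/shells, de-duplicated.
# The IFS change stays local because each side of a pipeline runs in a subshell.
find_bash_binaries() {
    {
        IFS=:
        for dir in $PATH; do
            if [ -x "$dir/bash" ]; then echo "$dir/bash"; fi
        done
        if [ -r /etc/shells ]; then grep '/bash$' /etc/shells || true; fi
    } | sort -u
}

# Report each binary on its own line; return 1 if any is vulnerable.
# Assumes paths contain no whitespace.
scan_all_bash() {
    status=0
    for b in $(find_bash_binaries); do
        if [ ! -x "$b" ]; then continue; fi
        result=$(check_bash "$b")
        echo "$b: $result"
        if [ "$result" = vulnerable ]; then status=1; fi
    done
    return "$status"
}
```

Source the file and call `scan_all_bash`; a non-zero exit status means at least one binary still needs patching.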