How to fix the shellshock bash bug vulnerability in bash shell

Published on September 29, 2014

The shellshock vulnerability also known as bash bug is a Bash vulnerability that allows a hacker to run arbitrary commands on any machine running a vulnerable version of Bash. Bash was created in 1987 and the shellshock vulnerability has probably existed since 1992, so it's one of the oldest bugs around.

The targeted machines are those that run web servers, but it would be good to patch any machine running Bash. That includes machines running Linux, BSD and Mac OS X. If your machine hasn't been patched as of Sunday, 28 September 2014, it's still vulnerable.

There have been five exploits so far.

CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187, CVE-2014-6277

To test if your system is vulnerable, run this command:

env x='() { :;}; echo vulnerable; exit;' bash -c 'echo not vulnerable'

If the output is vulnerable, it means Bash has to be upgraded immediately.

ShellShock Bash Bug

To upgrade Bash, here are a few steps:

Mac OS X

Apple just released this patch. Download and run BashUpdateMavericks.dmg. It will upgrade your Bash to the patched version.

Mac OS X using MacPorts

sudo port selfupdate
sudo port upgrade bash

Debian GNU/Linux

apt-get update
apt-get install --only-upgrade bash

Cent OS / Fedora / Red Hat

yum update bash -y

Arch Linux

pacman -Sy bash

This article will be updated till all known vulnerabilities for Bash are fixed. Stay tuned.

Related Posts

If you have any questions, please contact me at arulbOsutkNiqlzziyties@gNqmaizl.bkcom. You can also post questions in our Facebook group. Thank you.

Disclaimer: Our website is supported by our users. We sometimes earn affiliate links when you click through the affiliate links on our website.

Published on September 29, 2014