Step 1: Check Your System for the Vulnerability
On each of your systems that run Bash, you can check for the Shellshock vulnerability by running the following command at the bash prompt:
If your bash is vulnerable you will see “Your bash is Vulnerable” followed by the “Bash Tested” line.
If the test is positive, this is a very large concern. Suffice it to say there are hundreds of ways for an attacker to manipulate this particular flaw, but one of the most concerning is the web server header attack. Simply by modifying the headers that someone uses to GET or POST to your server, they could be running code on your server. This makes Heartbleed look like a minor concern.
If you have the vulnerability you need to patch it as soon as possible.
This is not as big a concern for personal computers, since you do not run an internet-accessible web server. This does not mean you should let it go unpatched, but you can wait for your operating system to release the official patch.
Step 2: Patch Your System and Retest the Vulnerability
Once you get a positive result, you will need to resolve the issue. You can do this in one of two ways.
You can use the package manager that came with your OS such as yum or apt-get.
Simply run these commands:
For Ubuntu or Debian:
Or for CentOS, Red Hat, or Amazon Linux:
Or, if those do not work, you can always install and upgrade from source.
The commands to compile and replace your copy of bash follow. These are confirmed on an Ubuntu Linux system with the build-essential meta package installed. They may vary on other OSs.
Once patched you will need to test again to make sure it resolved the issue.
You should only see “Bash Tested” output in the terminal window.
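The check in Step 1 and the retest in Step 2 can be scripted so every bash binary on a host is tested the same way before and after patching. This is an added example, not the guide's original command: it assumes the commonly published function-definition probe, and the function names and the `--scan` flag are illustrative.

```shell
#!/bin/sh
# Added example: Shellshock self-check that reproduces the two outputs this
# guide describes. Assumption: the probe is the commonly published
# environment-variable test; the guide's own command is not shown on the page.

MARKER="Your bash is Vulnerable"   # printed only if bash runs the trailing code
TESTED="Bash Tested"               # printed by the harmless command itself

# Classify captured probe output as vulnerable, patched or inconclusive.
classify_probe_output() {
    case "$1" in
        *"$MARKER"*) echo "vulnerable" ;;
        *"$TESTED"*) echo "patched" ;;
        *)           echo "inconclusive" ;;
    esac
}

# Run the probe against one bash binary and print the verdict.
probe_bash() {
    local bin out
    bin="$1"
    [ -x "$bin" ] || { echo "missing"; return 0; }
    # A vulnerable bash imports x as a function and executes what follows it.
    out=$(env x="() { :;}; echo $MARKER" "$bin" -c "echo $TESTED" 2>/dev/null) || true
    classify_probe_output "$out"
}

# Probe every path given; return 1 if any binary is still vulnerable.
scan_all_bash() {
    local rc bin verdict
    rc=0
    for bin in "$@"; do
        verdict=$(probe_bash "$bin")
        printf '%-24s %s\n' "$bin" "$verdict"
        if [ "$verdict" = "vulnerable" ]; then rc=1; fi
    done
    return "$rc"
}

# Usage: sh check_shellshock.sh --scan /bin/bash /usr/local/bin/bash
if [ "${1:-}" = "--scan" ]; then
    shift
    scan_all_bash "$@"
fi
```

A source build often leaves the distribution's `/bin/bash` in place next to the new binary, so pass every bash path on the system and not only the one first in `PATH`.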