Shellshock bug – vulnerability on Bash shell: How to fix ?

Shellshock bug – vulnerability on Bash shell: How to fix ?

On September 24, 2014, a GNU Bash vulnerability, referred to as Shellshock or the "Bash Bug", was disclosed. In short, the vulnerability allows remote attackers to execute arbitrary code given certain conditions, by passing strings of code following environment variable assignments. Because of Bash's ubiquitous status amongst Linux, BSD, and Mac OS X distributions, many computers are vulnerable to Shellshock; all unpatched Bash versions between 1.14 through 4.3 (i.e. all releases until now) are at risk.

Examples of exploitable systems include the following:

    Apache HTTP Servers that use CGI scripts (via mod_cgi and mod_cgid) that are written in Bash or launch to Bash subshells
    Certain DHCP clients
    OpenSSH servers that use the ForceCommand capability
    Various network-exposed services that use Bash

How to check the vulnerability ?

Run the below command and check

env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

If Vulnerability exists you will get below output

[root@serverA ~]# env x='() { :;}; echo vulnerable' bash -c "echo Bash  test"
Bash is vulnerable
Bash test
[root@serverA ~]#

How to fix vulnerable?


Ubuntu/Debian : apt-get

#sudo apt-get update && sudo apt-get install --only-upgrade bash

CentOS / Red Hat / Fedora : YUM

#sudo yum update bash

Be sure to update all of your affected servers to the latest version of Bash! Also, be sure to keep your servers up to date with the latest security updates!

Cheers !!!

Post a Comment


  1. Hi There ,

    I learnt so much in such little time about SYSADMINSHARE. Even a toddler could become smart reading of your amazing articles.

    I read in articles filling the market needs Linux and BSD are increasingly traditionally served by proprietary Unix operating systems, as well as expanding into new markets such as the consumer desktop and mobile and embedded devices. Is it killing the Windows device market?

    I look forward to see your next updates.


  2. I appreciate your thoughtful and considerate approach in every comment, But the challenges in preparing for my accounting exam are real. I need assistance who take my online accounting exam for me, If anyone has helpful advice or tips, I'm all ears. Thanks in advance