Check if you are vulnerable to the shellshock bug. This is an easy way to find out.

A vulnerable cygwin shell.

shellshock vulnerabililty in cygwin.
shellshock vulnerabililty in cygwin.

Using the shellshock vulnerability to run ls in cygwin.

Homer@bejiitas ~
$ x='() { :;}; `/bin/ls -hula`' bash -c :
bash: total 53K
drwxrwxr-x+ 1 Homer Homer    0 Sep 26 18:38 .
drwxrwxrwt+ 1 Homer Homer    0 Sep 26  2013 ..
-rw-rw----  1 Homer Homer  222 Sep 26  2013 .bash_history
-rwxrwxr-x  1 Homer Homer 1.5K Sep 26  2013 .bash_profile
-rwxrwxr-x  1 Homer Homer 6.0K Sep 26  2013 .bashrc
drwxrwx---+ 1 Homer Homer    0 Sep 26  2013 .cache
drwxrwx---+ 1 Homer Homer    0 Sep 26  2013 .config
-rwxrwxr-x  1 Homer Homer 1.9K Sep 26  2013 .inputrc
drwxrwx---+ 1 Homer Homer    0 Sep 26  2013 .local
-rw-rw-r--  1 Homer Homer  175 Sep 26  2013 .minttyrc
-rwxrwxr-x  1 Homer Homer 9.7K Sep 26  2013 .mkshrc
-rwxrwxr-x  1 Homer Homer 1.3K Sep 26  2013 .profile
drwx------+ 1 Homer None     0 Jun 25 12:56 .ssh
drwxrwxr-x+ 1 Homer Homer    0 Jan  2  2014 Documents
-rwxr-xr-x  1 Homer None   503 Sep 26 18:38 bash.exe.stackdump
-rwxrwxr-x  1 Homer Homer  136 Jan  2  2014 my.c
-rwxrwxr-x  1 Homer Homer  136 Jan  2  2014 my.cn-place=~
-rw-rw-r--  1 Homer Homer   25 Dec 23  2013 out.base
drwxrwxr-x+ 1 Homer Homer    0 Oct 17  2013 sysinfo-master
drwxrwxr-x+ 1 Homer Homer    0 Sep 11 22:50 sysinfo.kdevelop-1.0: Permission denied
Segmentation fault (core dumped)

This is the function that you should use to see if you are vulnerable.

env check='Not vulnerable' x='() { :;}; check=Vulnerable' bash -c 'echo $check'

And this is the output that you should get if you are running a patched version of bash.

jason@jason-H55-USB3:~/Documents$ env check='Not vulnerable' x='() { :;}; check=Vulnerable' bash -c 'echo $check'
env check='Not vulnerable' x='() { :;}; check=Vulnerable' bash -c 'echo $check'
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
Not vulnerable

This is the version of bash that I am running.

jason@jason-H55-USB3:~/Documents$ bash --version
bash --version
GNU bash, version 4.3.11(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
 
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Version 4.3.11 is the version to upgrade to if you want to beat this security hole. This is really an exaggerated problem, only really a worry if you are running a device or a computer with an outdated operating system. Bash version 3.2.51 would be vulnerable, but upgrading to 4.3.11 will fix this problem.

Type this command on a Debian or Ubuntu/Mint system.

sudo apt-get update ; sudo apt-get upgrade

This will upgrade your bash copy to the latest version if you are using Debian, Mint or Ubuntu.

Here I am checking my zsh shell as well. This is zsh version 5.0.2.

jason@jason-H55-USB3 ~ % env x='() { :;}; echo vulnerable' zsh -c 'echo hello'
hello

And the sh shell.

$ env x='() { :;}; echo vulnerable' sh -c 'echo hello'
hello

So my system is patched and safe.

Another way to test your systems: http://security.stackexchange.com/questions/68168/is-there-a-short-command-to-test-if-my-server-is-secure-against-the-shellshock-b?lq=1.

Mac OSX shellshock information: http://security.stackexchange.com/questions/68123/are-ordinary-os-x-desktops-at-risk-from-bash-shellshock-bug-cve-2014-6271.

This is another possible exploit though.

env X='() { (a)=>\' sh -c "echo date"; cat echo

This should still work.

2 responses to “Check if you are vulnerable to the shellshock bug. This is an easy way to find out.

Leave a Reply