LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 09-25-2014, 06:36 PM   #1
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 20.04
Posts: 2,112

Rep: Reputation: 73
shellshock


How do I check if my computer has this bash shellshock bug?? I use Ubuntu and Fedora normally.
 
Old 09-25-2014, 06:45 PM   #2
albinard
Member
 
Registered: Jan 2011
Location: New Mexico
Distribution: Xubuntu Core
Posts: 185

Rep: Reputation: 59
There is an easy test to determine if a Linux or Unix system is vulnerable. To check your system, from a command line, type:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the system is vulnerable, the output will be:
vulnerable
this is a test

If you're safe, it will throw an error;
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a testenv
 
Old 09-25-2014, 06:59 PM   #3
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 20.04
Posts: 2,112

Original Poster
Rep: Reputation: 73
And if I get this???

pedro@pedro-bedro2:~$ $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
$: command not found
pedro@pedro-bedro2:~$
 
Old 09-25-2014, 07:01 PM   #4
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 20.04
Posts: 2,112

Original Poster
Rep: Reputation: 73
Sorry, picked up your $ sign. Now I have this:

pedro@pedro-bedro2:~$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
pedro@pedro-bedro2:~$
 
Old 09-25-2014, 07:04 PM   #5
rokytnji
LQ Veteran
 
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: antiX 23, MX 23
Posts: 7,026
Blog Entries: 21

Rep: Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466
Code:
$ env X="() { :;} ; echo vulnerable" bash -c "echo safe"
bash: warning: X: ignoring function definition attempt
bash: error importing function definition for `X'
safe
Code:
$  env X="() { :;} ; echo vulnerable" /bin/sh -c "echo safe"
safe
Mine is safe

Edit; Saw your post after I posted Pedroski. You are safe also.

Code:
$ dpkg -s bash | grep Version
Version: 4.3-7
 
Old 09-25-2014, 07:12 PM   #6
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 20.04
Posts: 2,112

Original Poster
Rep: Reputation: 73
Thanks, got this

pedro@pedro-bedro2:~$ env X="() { :;} ; echo vulnerable" /bin/sh -c "echo safe"
safe

but it stays 'live', have to ctrl c to get back to the prompt.

pedro@pedro-bedro2:~$ dpkg -s bash | grep Version
Version: 4.3-7ubuntu1.1
pedro@pedro-bedro2:~$ Version: 4.3-7
 
Old 09-25-2014, 09:23 PM   #7
rokytnji
LQ Veteran
 
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: antiX 23, MX 23
Posts: 7,026
Blog Entries: 21

Rep: Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466Reputation: 3466
My AntiX gear is ahead of the curve also.

Code:
harry@biker:~
$ env X="() { :;} ; echo vulnerable" /bin/sh -c "echo safe"
safe
harry@biker:~
$ dpkg -s bash | grep Version
Version: 4.3-8
But I run Debian Testing repos mostly. Instead of Wheezy (except for one old laptop).
 
Old 09-26-2014, 03:31 AM   #8
Pedroski
Senior Member
 
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 20.04
Posts: 2,112

Original Poster
Rep: Reputation: 73
Well, that's the difference between a layman like me, and someone who knows what they are doing!

Thanks for the tips!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 02:08 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration