Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
09-25-2014, 06:36 PM
|
#1
|
Senior Member
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 22.04
Posts: 2,151
Rep:
|
shellshock
How do I check if my computer has this bash shellshock bug?? I use Ubuntu and Fedora normally.
|
|
|
09-25-2014, 06:45 PM
|
#2
|
Member
Registered: Jan 2011
Location: New Mexico
Distribution: Xubuntu Core
Posts: 185
Rep:
|
There is an easy test to determine if a Linux or Unix system is vulnerable. To check your system, from a command line, type:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the system is vulnerable, the output will be:
vulnerable
this is a test
If you're safe, it will throw an error;
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a testenv
|
|
|
09-25-2014, 06:59 PM
|
#3
|
Senior Member
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 22.04
Posts: 2,151
Original Poster
Rep:
|
And if I get this???
pedro@pedro-bedro2:~$ $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
$: command not found
pedro@pedro-bedro2:~$
|
|
|
09-25-2014, 07:01 PM
|
#4
|
Senior Member
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 22.04
Posts: 2,151
Original Poster
Rep:
|
Sorry, picked up your $ sign. Now I have this:
pedro@pedro-bedro2:~$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
pedro@pedro-bedro2:~$
|
|
|
09-25-2014, 07:04 PM
|
#5
|
LQ Veteran
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: antiX 23, MX 23
Posts: 7,279
|
Code:
$ env X="() { :;} ; echo vulnerable" bash -c "echo safe"
bash: warning: X: ignoring function definition attempt
bash: error importing function definition for `X'
safe
Code:
$ env X="() { :;} ; echo vulnerable" /bin/sh -c "echo safe"
safe
Mine is safe
Edit; Saw your post after I posted Pedroski. You are safe also.
Code:
$ dpkg -s bash | grep Version
Version: 4.3-7
|
|
|
09-25-2014, 07:12 PM
|
#6
|
Senior Member
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 22.04
Posts: 2,151
Original Poster
Rep:
|
Thanks, got this
pedro@pedro-bedro2:~$ env X="() { :;} ; echo vulnerable" /bin/sh -c "echo safe"
safe
but it stays 'live', have to ctrl c to get back to the prompt.
pedro@pedro-bedro2:~$ dpkg -s bash | grep Version
Version: 4.3-7ubuntu1.1
pedro@pedro-bedro2:~$ Version: 4.3-7
|
|
|
09-25-2014, 09:23 PM
|
#7
|
LQ Veteran
Registered: Mar 2008
Location: Waaaaay out West Texas
Distribution: antiX 23, MX 23
Posts: 7,279
|
My AntiX gear is ahead of the curve also.
Code:
harry@biker:~
$ env X="() { :;} ; echo vulnerable" /bin/sh -c "echo safe"
safe
harry@biker:~
$ dpkg -s bash | grep Version
Version: 4.3-8
But I run Debian Testing repos mostly. Instead of Wheezy (except for one old laptop).
|
|
|
09-26-2014, 03:31 AM
|
#8
|
Senior Member
Registered: Jan 2002
Location: Nanjing, China
Distribution: Ubuntu 22.04
Posts: 2,151
Original Poster
Rep:
|
Well, that's the difference between a layman like me, and someone who knows what they are doing!
Thanks for the tips!
|
|
|
All times are GMT -5. The time now is 01:03 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|