02
Oct
2014

The Shellshock Bash Bug in action

Its been published all over the net as of late, the infamous “Shellshock” bug has come to light. The original bug report┬ádocumented that bash (the basic command line program that runs on the vast majority of Linux distros and Mac OS) processes trailing strings after function definitions.

Here is an example command that exploits this bug:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Run the above all on one line in the terminal to test your system to see if it still exhibits this bug. If your system does, then you will get this output:

vulnerable
this is a test

And you should update your software as soon as you can!

If you have updated your software, you should just get:

this is a test

A video below shows two systems, one unpatched and one patched:

Windows 10 Developer Preview Installation in VirtualBox
Descent on the Raspberry Pi

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.