You can check if you're vulnerable by running the following lines in your default shell, which on many systems will be Bash. If you see the words "busted", then you're at risk. If not, then either your Bash is fixed or your shell is using another interpreter.
(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno"
x00
MVP
Comments
This is not meant as a definitive test
>
grep is your friend.
keep applying updates when they come, becuase patches are mostly incomplete and not the full solution.
grep is your friend.
it is also good idea to individually update bash, rather then relying on distro updates.
grep is your friend.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-7169
https://www.us-cert.gov/ncas/alerts/TA14-268A
http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
Thanks for the notice, my bash was susceptible to this bug.
Search first
Check out the Documentation! We are always looking for new content and pull requests.
Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.
New Exploit Method
bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno"Very helpful site for checking new shellshock exploit and updates
https://shellshocker.net