Monday, September 29, 2014

Bash Shellshock Bug Linux system vulnerability test

Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet daemons, such as web servers, use Bash to process certain commands, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.

The vulnerability can be tested with the following command:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If your system is vulnerable to the Bash "Shellshock" bug the above command will produce a following output:

vulnerable
this is a test

otherwise you will see a following message:

this is a test

No comments :

Post a Comment