How to patch the ShellShock bash exploit (CVE-2014-6271 and CVE-2014-7169)

  • 25th September 2014

How to test for exploit

On the command line run

$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If the following message appears


your system is affected by the exploit.

How to Fix

Amazon Linux (CentOS)

$ sudo yum update bash


$ sudo apt-get update && sudo apt-get --only-upgrade install bash

Checking the fix has worked

Run the

$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'

command again, the following should be returned:

sh: X: line 1: syntax error near unexpected token =' sh: X: line 1:'
sh: error importing function definition for `X'