How to test for exploit

On the command line run

$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If the following message appears

vulnereable
hello

your system is affected by the exploit.

How to Fix

Amazon Linux (CentOS)

$ sudo yum update bash

Ubuntu

$ sudo apt-get update && sudo apt-get --only-upgrade install bash

Checking the fix has worked

Run the

$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'

command again, the following should be returned:

sh: X: line 1: syntax error near unexpected token =' sh: X: line 1:
sh: error importing function definition for `X’

Comments