There is a new security issue named Shell Shock that was discovered and it is believed to be as bad, if not worse than Heartbleed. This affects the Bash shell used in about all variations of the UNIX based operating systems. This includes systems such as Linux and Apple's OS X. If you run any of these system, here is how to tell if you are vulnerable to this security flaw:
1. Open a terminal window.
2. At the prompt, key in bash and press the ENTER key.
3. Paste this command on the command line:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
4. Execute the command by pressing the ENTER key.
If you ARE NOT vulnerable, the system will respond with something like the following:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
If you are vulnerable, the system will respond with:
vulnerable
this is a test
I'm sure that Apple, and the various other OS developers will patch this before long, however just be aware that it does exist.
1. Open a terminal window.
2. At the prompt, key in bash and press the ENTER key.
3. Paste this command on the command line:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
4. Execute the command by pressing the ENTER key.
If you ARE NOT vulnerable, the system will respond with something like the following:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
If you are vulnerable, the system will respond with:
vulnerable
this is a test
I'm sure that Apple, and the various other OS developers will patch this before long, however just be aware that it does exist.
