‘ShellShock’ BASH vulnerability (this is about OSX but affects Linux & UNIX as well)

I’m sure that if you haven’t been under a rock for the last week or two, you’ve heard about the BASH shell vulnerability called ‘ShellShock’ that affects Linux, Unix, and OSX (and anything else that runs BASH, including Cygwin on Windows).
If you haven’t, it’s an environment-variable manipulation vulnerability: an attacker who can set a variable’s value can inject whatever commands they want, for example to write into a file or get data from a file. To check if you are vulnerable, paste the following into your BASH prompt (no, it’s not dangerous):

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If you are vulnerable, it will print out:

vulnerable
hello

Red Hat Linux has an advisory update about this: https://rhn.redhat.com/errata/RHSA-2014-1306.html

Apple has a patch for this on OS X Mavericks: http://support.apple.com/downloads/DL1769/en_US/BashUpdateMavericks.dmg

It updates the BASH version from 3.2.51(1)-release to 3.2.53(1)-release

Check yours by simply typing 'bash --version' at the prompt.
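
A machine can carry more than one copy of BASH (a system one plus a package-manager one, for instance), and patching one leaves the others as they were. The script below is an added example, not part of the original post: it runs the same test and version lookup against each shell path it is given. The candidate paths in the last line are assumptions, so adjust them for your system.

```sh
#!/bin/sh
# Added example: apply the post's test to several shell binaries.

# Classify the output of the test command.
# A line reading "vulnerable" means the text after the function body
# in the variable was executed when the shell started.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$1" | grep -qx 'hello'; then
        echo not-vulnerable
    else
        echo unknown
    fi
}

# Run the test against one shell binary. stderr is discarded because
# patched builds may print a warning about the ignored function definition.
check_shell() {
    shell=$1
    [ -x "$shell" ] || { echo missing; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$shell" -c 'echo hello' 2>/dev/null)
    classify_output "$out"
}

# Print status, path and version banner for each path given.
report() {
    for shell in "$@"; do
        status=$(check_shell "$shell")
        version=
        if [ "$status" != missing ]; then
            version=$("$shell" --version 2>/dev/null | head -n 1)
        fi
        printf '%-15s %s  %s\n' "$status" "$shell" "${version:-n/a}"
    done
}

# Candidate paths are assumptions; list every shell copy you know of.
report /bin/bash /bin/sh /usr/local/bin/bash /opt/local/bin/bash
```

Any line that starts with "vulnerable" names a binary that still needs the update, whatever version the default 'bash' on your PATH reports.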
