How to Check System Vulnerability on Bash
On each of your systems that run Bash, you may check for the Shellshock vulnerability by running the following command at the bash prompt:
env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
The echo Bash is vulnerable! portion of the command represents where a remote attacker could inject malicious code: arbitrary code following a function definition within an environment variable assignment. Therefore, if you see the following output, your version of Bash is vulnerable and should be updated:
Bash is vulnerable!
Bash Test
Otherwise, if your output does not include the simulated attacker's payload, i.e. "Bash is vulnerable" is not printed as output, your version of bash is not vulnerable. It may look something like this:
bash: warning: VAR: ignoring function definition attempt
bash: error importing function definition for `VAR'
Bash Test
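As an added example (not part of the original post), the script below wraps the same probe so it can be run against every bash binary on a host, since a system may have more than one installed. The function names classify_output and check_bash are hypothetical; stderr is discarded and only an exact line match on the marker counts as vulnerable.

```shell
#!/bin/sh
# Added example: run the page's Shellshock probe against each bash binary
# passed as an argument and report the result per binary.

# Harmless marker string the probe tries to echo (same text as on the page).
MARKER='Bash is vulnerable!'

# classify_output TEXT
# Prints "vulnerable" if TEXT contains the marker as a whole line,
# otherwise "not vulnerable". An exact-line match avoids false positives
# from warnings that merely mention the variable.
classify_output() {
    if printf '%s\n' "$1" | grep -Fxq "$MARKER"; then
        echo "vulnerable"
    else
        echo "not vulnerable"
    fi
}

# check_bash PATH
# Runs the probe with the given binary and classifies its stdout.
# stderr is dropped because patched builds may print warnings there.
check_bash() {
    if [ ! -x "$1" ]; then
        echo "not executable"
        return 2
    fi
    out=$(env VAR="() { :;}; echo $MARKER" "$1" -c 'echo Bash Test' 2>/dev/null)
    classify_output "$out"
}

# Check every path given on the command line; does nothing without arguments.
for b in "$@"; do
    printf '%s: %s\n' "$b" "$(check_bash "$b")"
done
```

Pass the path of each installed bash binary as an argument; any binary reported as vulnerable should be updated.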