On 09/24/2014 a serious vulnerability was discovered inside of GNU bash. More details can be found here http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
Follow the steps below to see if your system is vulnerable.
Log in through SSH and run the following command: env x='() { :;}; echo vulnerable' bash -c “echo this is a test”
If you see this, you are vulnerable:
root@localhost [~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"”
vulnerable
this is a test
If you see this, you are safe:
root@localhost [~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
You need to be running bash-4.1.2-15 with current RHEL versions.
RHEL (6 or higher):
#yum clean all && yum update bash
RHEL (older versions):
# rpm -Uvh bash-3.2-33.el5.1.i386.rpm
CentOS:
#yum clean all && yum update bash
Ubuntu:
$update-manager-or-
$sudo apt-get update