The following is an alert from the US-Cert alert system to test if your system is vulnerable try cut and pasting the following line in the command line prompt on your Unix or Linux System<\/p>\n
env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”<\/p>\n
if you get back two lines one saying<\/p>\n
Vulnerable<\/p>\n
and another saying<\/p>\n
this is a test<\/p>\n
then your system needs patching if you just get this is a test then your ok. If your unsure as always contact us<\/p>\n
National Cyber Awareness System:<\/p>\n
A critical vulnerability has been reported in the GNU Bourne Again Shell (Bash), the common command-line shell used in most Linux\/UNIX operating systems and Apple\u2019s Mac OS X. The flaw could allow an attacker to remotely execute shell commands by attaching malicious code in environment variables used by the operating system [1]<\/a>. The United States Department of Homeland Security (DHS) is releasing this Technical Alert to provide further information about the GNU Bash vulnerability.<\/p>\n GNU Bash versions 1.14 through 4.3 contain a flaw that processes commands placed after function definitions in the added environment variable, allowing remote attackers to execute arbitrary code via a crafted environment which enables network-based exploitation. [2<\/a>, 3<\/a>]<\/p>\n Critical instances where the vulnerability may be exposed include: [4<\/a>, 5<\/a>]<\/p>\n This vulnerability is classified by industry standards as \u201cHigh\u201d impact with CVSS Impact Subscore 10 and \u201cLow\u201d on complexity, which means it takes little skill to perform. This flaw allows attackers to provide specially crafted environment variables containing arbitrary commands that can be executed on vulnerable systems. It is especially dangerous because of the prevalent use of the Bash shell and its ability to be called by an application in numerous ways.<\/p>\n Patches have been released to fix this vulnerability by major Linux vendors for affected versions. Solutions for CVE-2014-6271 do not completely resolve the vulnerability. It is advised to install existing patches and pay attention for updated patches to address CVE-2014-7169.<\/p>\n Many UNIX-like operating systems, including Linux distributions, BSD variants, and Apple Mac OS X include Bash and are likely to be affected. Contact your vendor for updated information. A list of vendors can be found in CERT Vulnerability Note VU#252743<\/a> [6]<\/a>.<\/p>\n US-CERT recommends system administrators review the vendor patches and the NIST Vulnerability Summary for CVE-2014-7169<\/a>, to mitigate damage caused by the exploit.<\/p>\n The following is an alert from the US-Cert alert system to test if your system is vulnerable try cut and pasting the following line in the command line prompt on your Unix or Linux System env x='() { :;}; echo … Continue reading Description<\/h3>\n
\n
Impact<\/h3>\n
Solution<\/h3>\n
References<\/h3>\n
\n