Bash.

Get rid of #ShellShock in 10 seconds: Just update your system!

Shellshock, the recently discovered vulnerability that allows attackers to inject code into your machines, puts the *nix systems (Mac OS X or Linux) at a serious risk for malicious attacks.

Shellshock uses a Bash script to access your computer. From there, they can launch programs, start and stop services, and access personal files. The script only affects UNIX-based systems, so Linux and Mac are the only ones vulnerable.

Many distributions already have patches available, so you can follow these instructions to update your system.

Debian and forks (Ubuntu)

Using su on a terminal:

$ su -
# apt-get update
# apt-get upgrade

Ubuntu and forks, using sudo on a terminal:

$ sudo apt-get update
$ sudo apt-get upgrade

CentOS

yum -y update

Testing

You can test your system by running this test command from Terminal:

$ env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If you will get this result:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello

You are not vulnerable. If you will get:

vulnerable hello

You are vulnerable. It may be because the package bash patched is not yet available in the repositories of the distribution you have installed. You must manually update Bash and I would recommend that, as soon as you can, reinstall on your machine any more reliable distribution.

Miguel Menéndez

SysAdmin, Network & Security Auditor.