Bash Shellshock fix with scripts for Debian, Ubuntu, CentOS and other distros. including old Rumi, October 3, 2014December 19, 2014 First check if your Bash is vulnerable, execute the following command- env x='() { :;}; echo vulnerable’ bash -c ‘echo this is a test’ If your system is vulnerable, you will see: vulnerable this is a test If your system is not vulnerable, you will see: bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x’ this is a test To check for the vulnerability CVE-2014-6271, run the following in Bash: env X='() { (a)=>\’ sh -c “echo date”; cat echo If your system is vulnerable, you will see: bash: X: line 1: syntax error near unexpected toke `=’ bash: X: line 1: `’ bash: error importing function for `X’ Sun Sep 08:17:32 EST 2014 If your system is not vulernable, you will see: date cat: echo: No such file or directory To test the vulnerability CVE-2014-7186, run the following in Bash: bash -c ‘true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF’ || echo “CVE-2014-7186 vulnerable, redir_stack” If your system is not vulnerable, you will see: bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’) bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’) bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’) bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’) bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’) bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’) bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’) bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’) bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’) bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’) bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’) bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’) bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’) bash: warning: here-document at line 0 delimited by end-of-file (wanted `EOF’) So, let’s start fixing it! Below, I’ve tried to put various contributors solution to place in a single entry. For Debian 6 (Squeeze) Append this to your sources.list: deb http://http.debian.net/debian squeeze-lts main contrib non-free deb-src http://http.debian.net/debian squeeze-lts main contrib non-free and then run apt-get update apt-get install -t squeeze-lts –only-upgrade bash For Redhat/CentOS: Update the bash using yum (or other package management utility for your appropriate distribution) yum update bash On RedHat 5 (and CentOS 5), the following is the bash version after the update, which fixed the vulnerability. # rpm -qa | grep bash bash-3.2-33.el5_11.4 On RedHat 6 (and CentOS 6), the following is the bash version after the update, which fixed the vulnerability. # rpm -qa | grep bash bash-4.1.2-15.el6_5.2.x86_64 Wait! It’s not over yet! But above all I found this excellent scrpt from GIT contributor, that really works on various Ubuntu, Debian distribution (even some old distros). deshellshock Resource Link- http://www.thegeekstuff.com/2014/09/bash-shellshock-fix-cve-2014-7169/ http://unix.stackexchange.com/questions/157787/legacy-debian-versions-and-bash-shellshock http://unix.stackexchange.com/questions/157414/how-to-only-install-security-updates-on-debian https://raw.githubusercontent.com/pbkwee/deshellshock/master/deshellshock.sh https://www.linode.com/docs/security/security-patches/patching-bash-for-the-shellshock-vulnerability Administrations Configurations (Linux) Scripts BashCentOSDebianShellStickyUbuntu