ShellShock – How to test your system

In the past few weeks the number of security incidents in the news has increased.  Home depot, Jimmy John’s and also Shellshock.  From credit card theft via malware to online security vulnerabilities you need to keep on guard.

This most recent ShellShock vulnerability is going to be big.  Since a very large portion of the web is using Linux or some variant of *ux, this security issue touches a lot of places.  I won’t go into details of the Shellshock bash vunerablity because Troy Hunt does a wonderful job on his blog with this post:  http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html.  If you are concernced about any system you may be using I recommend reading that article.

After hearing about the issue i quickly decided to test all systems that I have access to.  I used a varient of the script that Troy shares (only because I found a reference to this one first).  If you are able to ssh or get a bash command line you can test your system. Using this simple script.

env VAR='() { :;}; echo Your System is vulnerable!' bash -c "echo Bash is OK"

Here is a view of one of my systems
jimiz_bash

If you are using or managing a website I suggest that you check your system now.   This security vulnerability makes it easy for people to do bad things on your system.

 

 

Leave a Comment