Question
What is "Shell Shock," and am I vulnerable to it?
Answer
"Shell Shock" or CVE-2014-7169, allows remote attackers to execute arbitrary code via a crafted environment due to bash versions through 4.3 processing trailing strings after function definitions in environment variables' values.
You can determine if you're vulnerable to "Shell Shock" or CVE-2014-7169 using two different methods.
1. You can run the following command to determine if you are currently vulnerable to this exploit. If the output returned is "vulnerable," then you are vulnerable to the exploit.
env x='() { :;}; echo vulnerable' bash -c ""
2. You can also check rpm changelogs to determine if the patch for CVE-2014-7169 was applied using the following command:
rpm -qa --changelog bash | grep CVE-2014-7169
Find more information on this vulnerability here:
Comments
0 comments
Article is closed for comments.