Here is how you can test if you are vulnerable from the latest bash bug:
Am I vulnerable?
Edit for the time being: You are. No complete public fix has been posted yet, for the new CVE (CVE-2014-7169). The instructions I give below are only sufficient to close off part of the vulnerability.
There is an easy check. Open a terminal and paste the following:
env x='() { :;}; echo vulnerable' bash -c 'echo hello'
It simply sets the environment variable called x to the value '() { :;}; echo vulnerable'. It then invokes bash asking it to echo back the word hello. The value of x that is set is a function definition that should do nothing. However, it is crafted to try to run 'echo vulnerable' at parsing of environment at bash start-up, which just prints vulnerable to standard out.
If you are not vulnerable, then the following will be shown:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello
If you are vulnerable, then you will see:
vulnerable
hello
Most likely you will be. In that case, a "yum update bash" should fix it. But I have been told that a reboot, after the update, is also be necessary...
What is the CVE-2014-6271 bash vulnerability, and how do I fix it?askubuntu.com
Recently, there have been news going around regarding "CVE-2014-6721", which is a vulnerability in Bash. How do I know if I am affected by this, how can I fix it, and why should I care? This is de...
