Home How To Detect And Patch This Big, Bad Unix Bash Shellshock Bug

How To Detect And Patch This Big, Bad Unix Bash Shellshock Bug

Security researchers have discovered and patched a 22-year-old bug in the bash shell, the ubiquitous Linux and Unix command-line interpreter.

See also: Don’t Fear The Command Line

The vulnerability dates back to bash version 1.13 and extends all the way to the most recent version 4.3. It exploits the way bash handles environment variables. Hackers can tack on code to function definitions within these variables, which the bash shell will then wrongly interpret and execute as commands once it’s invoked.

Since bash is the default shell for many Linux and Unix systems, you can imagine the havoc hackers could wreak with the “Shellshock bug.” Since this bug could allow malicious types to remotely execute code, it could theoretically let a hacker seize control of a server from afar.

See also: 7 Heartbleed Myths Debunked

However, much in the same way that we can’t tell if anybody exploited the Heartbleed bug, it’s too soon to tell if anybody has taken advantage of Shellshock. Update: security researcher Yinette has just found evidence of the first attacks made using the bug. 

However, now that there’s a patch for Bash up to its latest version 4.3, they won’t be able to—at least on patched systems.

Do you need to patch your version of Bash? Red Hat provided a test you can implement. To check your system, type the following into the command line:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If it returns the text “this is a test,” your system is vulnerable.

If it returns this instead, though, you’re all set:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Photo by Steven Tom

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the gambling and blockchain industries for major developments, new product and brand launches, game releases and other newsworthy events. Editors assign relevant stories to in-house staff writers with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest iGaming headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Gambling News

    Explore the latest in online gambling with our curated updates. We cut through the noise to deliver concise, relevant insights, keeping you informed about the ever-changing world of iGaming and its most important trends.

    In-Depth Strategy Guides

    Elevate your game with tailored strategies for sports betting, table games, slots, and poker. Learn how to maximize bonuses, refine your tactics, and boost your chances to beat the house.

    Unbiased Expert Reviews

    Honest and transparent reviews of sportsbooks, casinos and poker rooms crafted through industry expertise and in-depth analysis. Delve into intricacies, get the best bonus deals, and stay ahead with our trustworthy guides.