blog image
blog image
September 25 2014

Bug in linux 'bash' causes 'shellshock' - update required

PostedThursday September 25th 2014

A vulnerability in the linux Bash shell may allow for an attacker to execute code on a server and open the door to other attacks taking place that could lead to the server becoming fully compromised.

Many security experts are calling this bug “bigger than Heartbleed” and it’s important that system administrators patch vulnerable systems as soon as possible.

Affected distributions include:

  • Red Hat Enterprise Linux (versions 4 through 7)
  • Fedora
  • CentOS (versions 5 through 7)
  • CloudLinux
  • Debian

To test your system for the exploit, you can run this command from shell:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
this is a test

Most linux distributions have issued a fix, and for Redhat, CloudLinux and CentOS systems you can run yum update which will bring down the updated version of Bash.

Your system is no longer vulnerable if the above test returns this:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Mac OS remains unpatched by Apple at the time of writing.

Further information on this bug can be found at:


Share this article
Angelo is the co-CEO and one of VentraIP Australia's co-founders. His passion for the industry is only rivalled by his d...
Who are VentraIP Australia?
VentraIP Australia is the largest privately owned web host and domain name registrar in Australia, backed by a team of industry veterans and local technical professionals.
View website