What You Need To Know About Shellshock

0/6 Replay Gallery More Galleries

What You Need To Know About Shellshock

Another week, another massive security vulnerability that is almost a household name. How bad is it? Really bad. According to Matt Harrigan of PacketSled, “It’s really pretty astonishing how bad this bug is and how long it went unchecked. To be clear, the scale of impacted machines includes anything that runs bash. This includes a ton of consumer products, wireless routers, handheld phones, etc.”


What do you need to know about Shellshock and what can you do to ensure your machines aren’t compromised? Read on.


Wha Happen?

In short, bash, the shell used on many computers including OS X and Linux machines as well as connected devices, can be exploited remotely. The trick is that you can potentially run malicious code just through a specially-formed HTTP request. Nothing has been compromised… yet. But the possibility is always there.



If you’re running OS X or Linux, type this into your terminal:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If you see the word "vulnerable" then you're vulnerable. You're probably vulnerable. That's the scary part.

But I Use Windows!

Good for you. You’re safe… for now. The bug doesn’t bother folks not using bash.


I'm Using OS X! HELP!

Ok. Go over here and follow these instructions. This fix requires you to patch and recompile bash, which could be a frustrating process if you haven’t installed Xcode. However, expect an OS X update to roll out shortly to fix this. If you’re not actively serving data, then you might be OK for a bit.


Image (1) linux-desktop-i-want-to-believe.jpg for post 100781

To see if you’re compromised, type this into your terminal:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you see "vulnerable" then you're compromised. Update your version with this command (if you're running Ubuntu).

apt-get update && apt-get -y upgrade

Try the exploit again. Still bad? Try:

apt-get install -y bash

You should be OK after this, but remember: anywhere bash is Shellshock will follow. If you're running any sort of embedded Linux, this is a big deal. Keep an eye on your servers and update ASAP.

It's going to be OK.

Update, upgrade, and patch. Do it now. Do it quickly. Chances are you won’t be compromised but they also said the Titanic couldn’t sink. Fix your stuff ASAP.