Whole tech-aware internet these days is talking not only about bending iPhone 6, but also a serious vulnerability in Bash which may allow custom command injection hack thus gaining access and usually root to your box. Here are some tips on checking your system.

Red Hat reports that:

The bash code injection vulnerability CVE-2014-6271 could allow for arbitrary code execution, allowing an attacker to bypass imposed environment restrictions. Certain services and applications allow remote unauthenticated attackers to exploit this vulnerability by providing environment variables. As the Bash shell is the most commonly used shell today, the risk of impact from this vulnerability if left unchecked could be severe.

I am not going to cover the vulnerability itself as it has been well explained by Wired and Kaspersky in both non and technical ways. Here are some tips to check your box.

Login to your system and execute following code suggested by DigitalOcean:

[code lang=”shell”]env VAR='() { :;}; echo Bash is vulnerable!’ bash -c "echo Bash Test"[/code]

If you see following in output, means your system is vulnerable:

[code lang=”plain”]Bash is vulnerable!
Bash Test[/code]

My

Linux Mint workstation (which is usually very up-to-date) returned following which signals system is secure:

[code lang=”plain”]bash: warning: VAR: ignoring function definition attempt
bash: error importing function definition for `VAR’
Bash Test[/code]

There are also several testing tools available:

To secure your system, make sure to “yum update” your 

CentOS systems and run package update tool on
Linux Mint.

Bash update in Linux Mint with ShellShock patched

So the remedy yet is simply update your system.