![](\"https:\/\/varutra-1a3b6.kxcdn.com\/wp-content\/uploads\/2014\/09\/bash-1024x681.png\" "\\"bash")
<\/p>\n<\/p>\n
Bash is the shell, or command language interpreter, that will appear in the GNU operating system. Bash is an sh-compatible shell that incorporates useful features from the Korn shell (ksh) and C shell (csh). It is intended to conform to the IEEE POSIX P1003.2\/ISO 9945.2 Shell and Tools standard. It offers functional improvements over sh for both programming and interactive use. In addition, most sh scripts can be run by Bash without modification. Bash is quite portable. It uses a configuration system that discovers characteristics of the compilation platform at build time, and may therefore be built on nearly every version of UNIX. Ports to UNIX-like systems such as QNX and Minix and to non-UNIX systems such as OS\/2, Windows 95\/98, and Windows NT are\u00a0available.<\/p>\n Here is a short list of feature available in bash:<\/p>\n <\/p>\n The Bash vulnerability, now dubbed by some as “Shellshock,” has been reportedly found in use by an active exploit against Web servers. A security vulnerability in the GNU Bourne Again Shell (Bash), the command-line shell used in many Linux and Unix operating systems, could leave systems running those operating systems open to exploitation by specially crafted attacks. \u201cThis issue is especially dangerous as there are many possible ways Bash can be called by an application,\u201d<\/p>\n The bug<\/a>, discovered by\u00a0Stephane Schazelas<\/a>, is related to how Bash processes environmental variables passed by the operating system or by a program calling a Bash-based script. If Bash has been configured as the default system shell, it can be used by network\u2013based attackers against servers and other Unix and Linux devices via Web requests, secure shell, telnet sessions, or other programs that use Bash to execute scripts.<\/p>\n Because of its wide distribution, the vulnerability could be as wide-ranging as the Heartbleed bug, though it may not be nearly as dangerous. The vulnerability affects versions 1.14 through 4.3 of GNU Bash. Examples of exploitable systems include the following:<\/p>\n <\/p>\n There is an easy test to determine if a Linux or Unix system is vulnerable. To check your system, from a command line, type:<\/p>\n env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”<\/em><\/strong><\/p>\n If the system is vulnerable, the output will be:<\/p>\n \u00a0 vulnerable<\/em><\/strong><\/p>\n \u00a0 this is a test<\/em><\/strong><\/p>\n <\/p>\n The easiest way to fix the vulnerability is to use your default package manager to update the version of Bash. The following subsections cover updating Bash on various Linux distributions, including Ubuntu, Debian, CentOS, Red Hat, and Fedora.<\/p>\n APT-GET: Ubuntu \/ Debian<\/strong><\/p>\n Update Bash to the latest version available via apt-get:<\/p>\n \u00a0sudo apt-get update && sudo apt-get install –only-upgrade bash<\/strong><\/p>\n YUM: CentOS \/ Red Hat \/ Fedora<\/strong><\/p>\n Update Bash to the latest version available via the\u00a0yum:<\/p>\n sudo yum update bash<\/strong><\/p>\n Note:<\/strong> Now check your system vulnerability again by running the command<\/p>\n For more information refer: \u00a0CVE-2014-6271<\/a><\/p>\n <\/p>\n \u00a0bash: warning: x: ignoring function definition attempt<\/em><\/p>\n \u00a0bash: error importing function definition for `x’<\/em><\/p>\n \u00a0this is a test<\/em><\/p>\n The fix is an update to a patched version of the Bash shell. To be safe, administrators should do a blanket update of their versions of Bash in any case.<\/p>\n References:<\/p>\n![\"Shell](\"https:\/\/www.varutra.com\/wp-content\/uploads\/2014\/09\/imageblog.jpg\")
<\/strong><\/p>\n\n
Shell Shock:<\/strong><\/h3>\n
\n
How to check a vulnerable application for shell shock: <\/strong><\/h3>\n
Fixing Vulnerability:<\/strong><\/h3>\n
An unaffected (or patched) system will output:<\/strong><\/h3>\n