Test Your Server for the Shellshock Vulnerability
Print this Article
Last Updated:
July 6, 2015 4:37 PM
After patching your server, run the following tests to make sure your server is safe from the Shellshock vulnerability.
These tests work on all versions of Linux.
- Run the following command:
cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash -c "echo date"; cat /tmp/echoA correctly-patched server will return:date cat: /tmp/echo: No such file or directory
- Run the following command:
env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=() { :;}; echo vulnerable' bash -c "echo test"
Clean servers' responses will vary depending on the BASH version, but you should see
test
near the the bottom of the output.Vulnerable servers' response will be
vulnerable
.
Your server must pass both tests to be considered safe from the bash vulnerability.