Skip to main content
Super User

Questions tagged [shellshock]

Ask Question

A critical vulnerability (CVE-2014-6271) in Bash which allows remote execution of arbitrary code through an error in handling function assignments to environment variables.

12 questions
Newest Active Bountied Unanswered
3 votes
2 answers
10k views

Sample script: #!/usr/bin/env bash echo "abc" Output from Bash version 4.1.2(1)-release: $ ./a.bash bash: BASH_FUNC_module(): line 0: syntax error near unexpected token `)' bash: ...
kevinarpe's user avatar
  • 4,098
2 votes
1 answer
2k views

I have cygwin installed on my computer and would like to make sure that I'm secured from the shellshock vulnerability. How do I patch cygwin to fix the shellshock vulnerability?
James Mertz's user avatar
  • 26.6k
-1 votes
1 answer
237 views

I am somewhat ignorant on this whole shell-shock thing that is happening right now. So, this may sound like a bit of a dopey question; but, I am wondering, if this effects me at all. I currently use a ...
L.B.'s user avatar
  • 493
3 votes
4 answers
5k views

The title says it all. I am still vulnerable (CVE-2014-6271 and possibly CVE-2014-7169) with Ubuntu 14.04.1 and Bash 4.3-7ubuntu1.4 apt-get update = nothing apt-get upgrade = nothing apt-get install ...
closetnoc's user avatar
  • 43
4 votes
1 answer
2k views

I use the Git Bash on a Windows 8.1 machine. Do I need to be concerned by Shellshock?
BanksySan's user avatar
  • 763
0 votes
2 answers
150 views

I updated my Debian server since Shell Shock vulnerability was known. Before update, I had: $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" vulnerable this is a test Now, I have: $...
lauhub's user avatar
  • 177
-1 votes
3 answers
1k views

What seems to be wrong with my code below? I'm downloading and patching up to patch 18 which I understand is the patch for shellchock vulnerability. But I still get the vulnerability when running Bash....
Adam Terrey's user avatar
  • 209
2 votes
1 answer
694 views

I've patched my servers, but I'd also like to review my logs to see if there have been any compromises on them. Are there any consistent traces of exploits using this bug?
Tom Damon's user avatar
  • 466
22 votes
4 answers
15k views

I have a system that I administer remotely (2 timezones away) that runs Ubuntu 9.04, Jaunty. For various reasons, mainly that I'm really leery about trying to do a distribution upgrade from so far ...
Claus's user avatar
  • 223
0 votes
0 answers
269 views

Concerning the Shellshock bug (aka "bash bug", CVE-2014-6271), can someone explain how this vulnerability works? Based on the test given in some posts (below), it looks like some type of injection ...
FLGMwt's user avatar
  • 1,609
24 votes
7 answers
38k views

The test command x='() { :;}; echo vulnerable' bash shows that my Debian 8 (Jessie) installation is vulnerable, even with the latest updates. Research shows that there's a patch for stable and ...
John Lawrence Aspden's user avatar
  • 1,064
37 votes
4 answers
8k views

Does the Shellshock Bash bug affect ZSH? Is upgrading Bash the only solution?
marflar's user avatar
  • 523