September 25th, 2014

Shellshock Test

For Vulnerability #1:
 x="() { :; };t=un" /bin/bash -c 'echo /bin/bash is ${t}safe' 2>/dev/null


If you have more than one version of bash installed:

for i in `type -a bash| egrep -o "/.*"`; do /bin/echo -n "$i " ; x="() { :; };t=un" $i -c 'echo  is ${t}safe' 2>/dev/null; done


FOR EXAMPLE:

# for i in `type -a bash| egrep -o "/.*"`; do /bin/echo -n "$i " ; x="() { :; };t=un" $i -c 'echo  is ${t}safe' 2>/dev/null; done
/opt/local/bin/bash is safe
/bin/bash is unsafe


See more --> http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-the-remote-exploit-cve-2014-6271-and-cve-2014-7