To know if you are vulnerable, you can run:

env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
env X="() { :;} ; echo busted" `which bash` -c "echo completed"

If you see "busted" then you are vulnerable.

Is there a patch yet?

ONeZetty
  • 13.04 has been out of support for some time, so instead of patching, think about switching to a supported LTS release, 14.04 or 12.04. – mikewhatever Sep 25 '14 at 07:25
  • It's a good suggestion and may be what I have to do - but I have a number of deployed systems on 13.04 and I expect stuff will break if I upgrade to 14.04. – Mike McKay Sep 25 '14 at 07:33
  • @MikeMcKay if you are concerned about this bug in 13.04 why are you not concerned about not getting updates at all in 13.04?! "Is there a patch yet?" No, and there will most likely not be a patch for 13.04. – Rinzwind Sep 25 '14 at 07:47
  • @Rinzwind I didn't realize that there were no security updates for 13.04 at all. That said, this bug is particularly easy to exploit - hence my concern. I guess I need to upgrade the distro. – Mike McKay Sep 25 '14 at 08:30
  • The fix has been pushed already for the not EOL versions --- got mine this morning, few hours ago. – Rmano Sep 25 '14 at 08:48
  • Anyway, still some problem to fix... look at http://apple.stackexchange.com/questions/146849/how-do-i-recompile-bash-to-avoid-the-remote-exploit-cve-2014-6271-and-cve-2014-7 – Rmano Sep 25 '14 at 08:53
  • http://askubuntu.com/questions/528101/what-is-the-cve-2014-6271-bash-vulnerability-and-how-do-i-fix-it – Jorge Castro Sep 25 '14 at 15:18

0 Answers
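For checking several deployed systems, the probe from the question can be wrapped so it reports per shell instead of relying on reading the output by eye. This is an added example, not part of the original post; the function names `check_shell` and `audit_shells` and the marker string are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: runs the question's probe against each shell in a list.

# check_shell PATH
#   returns 0 if the shell executed the text trailing the function body
#   (vulnerable), 1 if it did not, 2 if PATH is not an executable file.
check_shell() {
    cs_shell=$1
    [ -x "$cs_shell" ] || return 2
    # Constructed marker, so ordinary output cannot be mistaken for a hit.
    cs_marker="probe_$$_busted"
    cs_out=$(env X="() { :;} ; echo $cs_marker" \
        "$cs_shell" -c 'echo completed' 2>/dev/null </dev/null)
    case $cs_out in
        *"$cs_marker"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_shells [LISTFILE]
#   LISTFILE defaults to /etc/shells (one path per line, '#' comments).
#   Prints one status line per entry; returns 0 only if none is vulnerable,
#   2 if the list cannot be read.
audit_shells() {
    as_list=${1:-/etc/shells}
    as_found=0
    [ -r "$as_list" ] || return 2
    while IFS= read -r as_line; do
        case $as_line in ''|'#'*) continue ;; esac
        as_rc=0
        check_shell "$as_line" || as_rc=$?
        case $as_rc in
            0) echo "VULNERABLE      $as_line"; as_found=$((as_found + 1)) ;;
            1) echo "not vulnerable  $as_line" ;;
            *) echo "skipped         $as_line" ;;
        esac
    done < "$as_list"
    [ "$as_found" -eq 0 ]
}

# Typical use after sourcing this file:  audit_shells || echo "patch needed"
```

The return code of `audit_shells` makes the check usable from cron or a configuration-management run across many hosts.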