Skip to main content

How to check if you’re affected by the Shellshock Bash bug for Linux, OS X

1291866 autosave v1 2 laptop hacker
Scyther5 / Shutterstock
The “Shellshock” bug is making cyber security experts and IT folk scramble to apply fixes and develop workarounds. The flaw, which afflicts systems running Linux and Mac OS X, affects Bash, which is short for the “Bourne again shell.”

Bash is a piece of software that controls the command prompt in Linux and Mac OS X. Here’s how Red Hat, the maker of Red Hat Linux, describes the problems posed by the Bash flaw in this official blog post.

An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions.”

A (flawed) patch for Linux-based systems has already been issued, and a follow-up is being developed as we speak. The flawed patch was found to be incomplete by security experts. However, Red Hat recommends that users still install it. That’s because Red Hat considers the problems associated with the first patch to not be as severe as the issues that face systems which don’t have the first patch.

In the interim, there’s a simple way to check if Linux-based sites and servers are vulnerable to the Bash/Shellshock bug. By using this Web-based tool and entering the appropriate information, you can quickly find out if you’re at risk. You can also check if your servers are vulnerable to the flaw by using this other Web-based testing tool, simply dubbed “ShellShock Tester.”

The link was originally posted by Kaspersky’s official blog. When that Bash bug-related post was first published by the anti-malware software developer, Kaspersky noted that the tool indicated 749 vulnerabilities were discovered as a result of 7,362 tests that were ran with it.

Both numbers have spiked significantly. As of this writing, the ShellShock Bash Vulnerability test tool states that 23,832 tests have been conducted using it, and 1,568 vulnerabilities were discovered as a result.

Red Hat’s official security blog states that people should upgrade to the latest version of Bash that contains the fix for the Shellshock flaw.

Meanwhile, Kaspersky states that OS X-based systems can be scanned by following the instructions contained here. At this point, Apple has yet to release an official patch that addresses the Bash bug in OS X computers.

Editors' Recommendations