Shellshock

Updated: 05/04/2019 by Computer Hope
Shellshock bug unofficial logo.

Shellshock, also known as bashdoor, is a classification of security vulnerabilities in the bash command-line shell that are the result of a bug in the software. The developers of bash were initially notified of the vulnerabilities in September 2014. Additional vulnerabilities were discovered in the following weeks, after close scrutiny by employees of Google and Red Hat. The danger stems from the way bash handles a user's environment variables, and the fact that bash can be used to execute a new instance of itself.

How to test if your system is vulnerable

Bash is the default shell in macOS and most versions of Linux. If your system is up-to-date, the vulnerability should already be patched. You can test if your system is vulnerable by opening a terminal and running the following command:

env x='() { :;}; echo VULNERABLE' bash -c "echo This was a test."

If this command returns the following text, then your system is safe.

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
This was a test.

However, if the command returns the following, then your system is not safe.

VULNERABLE
This was a test.

This text indicates that your system is not patched, and you should update your software immediately.

How to patch your system

macOS

On macOS systems, open the Apple menu in the upper-left corner in your screen, and select About This Mac. In the dialog box that appears, select Software Update. The system will check to see if you require any updates and guide you through their installation.

Alternatively, you can visit Apple's website at https://support.apple.com/en-us/HT201393 to manually download a patch for the vulnerability.

Ubuntu, Debian, and Debian-based Linux

On Linux operating systems that use the APT package manager, such as Ubuntu and Debian, you can update bash with the following command:

sudo apt-get update && sudo apt-get install --only-upgrade bash

Running this command updates your package database with the most up-to-date information, and then installs the newest version of bash.

CentOS Linux

If you are using CentOS, you can update your bash installation using the yum package manager:

sudo yum update bash

Fedora

On Fedora systems, the yum command is slightly different. Use this command to update bash:

sudo yum -y install bash

Arch Linux

Under Arch Linux, you can use the pacman package manager to update bash, with this command:

sudo pacman -Syu

Other operating systems

If you are using another operating system, your update method will vary. We recommend that you check your operating system's website for precise instructions and update your system as soon as possible.

Backdoor, Meltdown and Spectre, Security terms