How To Check If Your Mac or Linux Machine Is Vulnerable to Shellshock

Copy-paste this line of text into a bash window

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If the reply comes back as:

vulnerable hello

or

vulnerable
hello

Then your version of bash is vulnerable to shellshock. Most distributions have already pushed out a new version of bash. My Ubuntu machines updated yesterday.

If you use Cygwin, then you need to check there to. Cygwin bash 4.1.10 is definitely vulnerable, but 4.1.11 is not.

If your version of bash is not vulnerable the output will be:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello

How To Check If Your Mac or Linux Machine Is Vulnerable to Shellshock.