Most think that the Shellshock security issue is more harmful than Heartbleed. This might be right, because most Linux distributions use bash as shell and not every Linux distribution including Mac OS X uses Open SSL for encryption. I show how to update your Bash on a Debian Linux.

Test Debian vulnerability

  • open putty on windows or terminal on Mac and connect fia SSH to your Debian server
  • write the following code in the command line:
  • x='() { :;}; echo vulnerable' bash
  • env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
  • env X='() { (a)=>\' sh -c "echo date"; cat echo
  • if your bash writes „vulnerable or date“ you do have the Shellshock bug on your distribution and have to fix it.

Which shell do i use?

Try the following commands to see what shell you are using.

  • echo $SHELL
  • ps -p $$

Resolve Shellshock vulnerability

  • open putty on windows or terminal on Mac and connect fia SSH to your Debian server
  • apt-get update;
  • apt-get upgrade; (Attention for old systems. Restarts services)