Is my server still vulnerable to Shell Shock?

Question

I updated my Debian server since Shell Shock vulnerability was known.

Before update, I had:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

Now, I have:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
this is a test

As I expected to obtain:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

I wonder if the update really corrected the problem.

score 0 · Answer 1 · answered Sep 27 '14 at 00:36

0

According to stalwarts like Ars Technica you are patched.

answered Sep 27 '14 at 00:36

MMB

596

score 0 · Accepted Answer · answered Sep 27 '14 at 07:37

You are patched for time being. There are some more upcoming things on Bash which will be fixed next time.

However, Debian is in default settings not as much effected as other distributions as /bin/sh is linking to Dash on Debian and not to Bash as on most others.

Is my server still vulnerable to Shell Shock?

2 Answers2