Scripting for Bash Vulnerability/Shellshock

Abstract: Security researchers, vendors, and other reporting organizations have commented on the GNU Bash (Bourne Again shell) vulnerability, the severity of the vulnerability, and the critical need to patch vulnerable versions of Bash. Central to their message is the need to test for the vulnerability by issuing the exploit, and then patching the affected systems. This technical report presents an introduction for technical and non-technical managers who are unfamiliar with the Bash vulnerability. In particular, this note introduces a few sample code fragments that can test for the vulnerability without exploiting the vulnerability.

Date Published:

Last Reviewed: 15 June 2015

Identifier: MIT-002R-2014

Type: Reference/Overview; Report

Tags: Bourne Again Shell - BASH; Vulnerability; Shellshock; Attack; Vector; Command Shell