salcode · September 24, 2014 20:25
diff --git a/instructions-CVE-2014-6271.txt b/instructions-CVE-2014-6271.txt
 # SSH into server
 # change to root account using `su` (if you're not already logged in as root)

 # Test for vulnerability
 env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

 # If you see this output, you're not vulnerable and logout now
 # bash: warning: x: ignoring function definition attempt
 # bash: error importing function definition for `x'
 # this is a test

 # If you see this output, follow the steps below
 # vulnerable
 # this is a test

 yum update bash
 # if you don't have yum installed, you'll need to use
 # something like apt-get, which is outside my knowledge base

 # run the test again and confirm you are no longer vulnerable


 # Read More about vulnerability at 
 # https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
 # https://access.redhat.com/articles/1200223\
 # https://blog.cloudsecurityalliance.org/2014/09/24/worse-than-heartbleed/
	# SSH into server
	# change to root account using `su` (if you're not already logged in as root)

	# Test for vulnerability
	env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

	# If you see this output, you're not vulnerable and logout now
	# bash: warning: x: ignoring function definition attempt
	# bash: error importing function definition for `x'
	# this is a test

	# If you see this output, follow the steps below
	# vulnerable
	# this is a test

	yum update bash
	# if you don't have yum installed, you'll need to use
	# something like apt-get, which is outside my knowledge base

	# run the test again and confirm you are no longer vulnerable


	# Read More about vulnerability at
	# https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
	# https://access.redhat.com/articles/1200223\
	# https://blog.cloudsecurityalliance.org/2014/09/24/worse-than-heartbleed/