Saturday, 27 September 2014

shellshock on my systems - no real worries

To determine if your Linux or Unix system is vulnerable, from a command line, type something like this:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable
this is a test

An unaffected (or patched) system will output:

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

or it will say that bash is not present or something else, you figure it out :)
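
The same check as a script, added here as an example and not part of the original post: it runs the test against every bash listed in /etc/shells or found on PATH and classifies the output into the cases described above. The function names and result labels are this example's own choices.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and result
# labels (vulnerable/patched/not-vulnerable/unknown/absent) are illustrative.

# classify_output TEXT: map the test's output to one result label
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable        # the trailing "echo vulnerable" was executed
    elif printf '%s\n' "$1" | grep -q 'ignoring function definition attempt'; then
        echo patched           # bash refused the import and warned about it
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo not-vulnerable    # command ran, nothing injected, no warning
    else
        echo unknown           # unexpected output: read it by hand
    fi
}

# check_bash PATH: run the post's test against one specific bash binary
check_bash() {
    [ -x "$1" ] || { echo absent; return 0; }
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>&1) || true
    classify_output "$out"
}

# list_bash_candidates [FILE]: bash paths from /etc/shells (or FILE) and PATH
list_bash_candidates() {
    shells=${1:-/etc/shells}
    {
        if [ -r "$shells" ]; then grep -E '^/.*/bash$' "$shells" || true; fi
        command -v bash 2>/dev/null || true
    } | sort -u
}

# report: print "path: result" for every candidate found
report() {
    list=$(list_bash_candidates)
    [ -n "$list" ] || { echo "no bash in /etc/shells or PATH"; return 0; }
    for b in $list; do
        printf '%s: %s\n' "$b" "$(check_bash "$b")"
    done
}

report
```

Run it separately inside each jail or container, since each one has its own filesystem and its own /etc/shells.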

So what about my systems? Here's the list:

  • pfSense firewall 2.1.4-RELEASE (amd64), built on Fri Jun 20 12:59:50 EDT 2014, FreeBSD 8.3-RELEASE-p16 : not vulnerable, bash is not there by default :) check /etc/shells if you have it installed
  • FreeNAS home server FreeNAS-9.2.1.7-RELEASE-x64 (fdbe9a0), FreeBSD 9.2-RELEASE-p10 #0 r262572+4fb5adc: Wed Aug  6 17:07:16 PDT 2014 : bash present by default, system vulnerable, checked jails, bash not present, will wait for the fix in next version, there's a good comment on this at the end of this discussion :)
  • Mac Darwin Kernel Version 13.3.0: Tue Jun  3 21:27:35 PDT 2014; root:xnu-2422.110.17~1/RELEASE_X86_64 x86_64 : vulnerable, (I think) I haven't played with enabling/opening things, so will be waiting on Apple :)
  • Hackintosh Darwin Kernel Version 13.3.0: Tue Jun  3 21:27:35 PDT 2014; root:xnu-2422.110.17~1/RELEASE_X86_64 x86_64 : vulnerable, (I know) I haven't played with enabling/opening things, so will be waiting on Apple
  • XBMC based HTPC on Ubuntu 14.04.1 LTS, Linux ___ 3.11.0-13-generic #20-Ubuntu SMP Wed Oct 23 07:38:26 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux : not vulnerable
  • I haven't hacked into my TV and I won't :)

Good luck to you all!