Bash testing for Shellshock vunarability
To test if the Macs are vunrable open Terminal and enter the following tests.
Test 1
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
It should disply vulnerable if the Mac is vulnerable
vulnerable
this is a test
Test 2
env X='() { (a)=>\' sh -c "echo date"; cat echo
It should print something like (the messages and of course the time will vary):
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
Thu Sep 25 22:12:49 PDT 2014
(Delete the file it makes before you continue! rm echo)
Test 3
env foo='() { echo not patched; }' bash -c foo
It should print
not patched
Test 4
bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "vulnerable"
It should print (the exact number of lines may vary):
bash: line 1: warning: here-document at line 1 delimited by end-of-file (wanted `EOF')
bash: line 1: warning: here-document at line 1 delimited by end-of-file (wanted `EOF')
bash: line 1: warning: here-document at line 1 delimited by end-of-file (wanted `EOF')
bash: line 1: warning: here-document at line 1 delimited by end-of-file (wanted `EOF')
bash: line 1: warning: here-document at line 1 delimited by end-of-file (wanted `EOF')
bash: line 1: warning: here-document at line 1 delimited by end-of-file (wanted `EOF')
bash: line 1: warning: here-document at line 1 delimited by end-of-file (wanted `EOF')
bash: line 1: warning: here-document at line 1 delimited by end-of-file (wanted `EOF')
bash: line 1: warning: here-document at line 1 delimited by end-of-file (wanted `EOF')
bash: line 1: warning: here-document at line 1 delimited by end-of-file (wanted `EOF')
Bus error
vulnerable
Test 5
bash -c '( for x in {1..200} ; do echo "for x$x in ; do :" ; done ; for x in {1..200} ; do echo done ; done )' | bash || echo "vulnerable"
It should print (the exact number may vary):
bash: line 129: syntax error near `x129'
bash: line 129: `for x129 in ; do :'
vulnerable