On 25 September 2014 09:24, Peter Reutemann <fracpete(a)waikato.ac.nz> wrote:
[ from /. thread ]
This is the test to see if you are vulnerable:
env x='() {:;}; echo vulnerable' bash -c "echo this is a test"
And what should we see if we are vulnerable? My running of that just prints out syntax errors and then runs the echo command. The printing out of syntax errors does seem strange, as I would have expected the guff in the single quotes to be verbatim assigned to x without any globbing or variable substitution. But I am no expert in bash having learnt most of my Unix foo on Solaris and Tru64 Unix running csh.
Bad: vulnerable this is a test
Good: this is a test
Source: http://linux.slashdot.org/comments.pl?sid=5750159&cid=47985837
There is also the redhat FAQ that has a lot of helpful information: https://access.redhat.com/articles/1200223 Cheers, Warren.