Shellshock, also known as Bashdoor, is a family of security vulnerabilities in the bash command-line shell that result from a software bug. The developers of bash were first notified of the vulnerabilities in September 2014. Additional vulnerabilities were discovered in the following weeks, after close scrutiny by employees of Google and Red Hat. The danger stems from the way bash handles a user’s environment variables, and the fact that bash can execute a new instance of itself.

How to test if your system is vulnerable

Bash is the default shell in macOS and most versions of Linux. If your system is up-to-date, the vulnerability should already be patched. You can test if your system is vulnerable by opening a terminal and running the following command:

env x='() { :;}; echo VULNERABLE' bash -c "echo This was a test."

If this command returns the following text, then your system is safe.

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
This was a test.

However, if the command returns the following, then your system is not safe.

VULNERABLE
This was a test.

This text indicates that the system is not patched, and should be updated immediately.
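
The same test can be run against every bash binary on a host rather than only the one found first on the PATH, since a package update fixes only the copy it manages. The script below is an added example, not part of the original article; the function names and the use of /etc/shells to locate additional copies are assumptions made here.

```shell
#!/bin/sh
# Added example: run the article's Shellshock test against every bash binary found.

# classify_output TEXT: interpret the captured output of the test command.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'VULNERABLE'; then
        echo vulnerable   # the code after the function definition was executed
    elif printf '%s\n' "$1" | grep -qx 'This was a test\.'; then
        echo patched      # only the intended command ran, with or without warnings
    else
        echo unknown      # the binary failed to start or did not behave like bash
    fi
}

# check_bash PATH: run the test from the article against one specific binary.
check_bash() {
    [ -x "$1" ] || { echo missing; return 0; }
    out=$(env x='() { :;}; echo VULNERABLE' "$1" -c "echo This was a test." 2>&1) || true
    classify_output "$out"
}

# list_bash_binaries: bash on the PATH plus any bash listed in /etc/shells
# (assumed locations; add other install prefixes used on your hosts).
list_bash_binaries() {
    {
        command -v bash 2>/dev/null || true
        if [ -r /etc/shells ]; then grep -E '^/.*/bash$' /etc/shells || true; fi
    } | sort -u
}

# scan_all: print "verdict<TAB>path" for each binary; return 1 if any is vulnerable.
scan_all() {
    list_bash_binaries | (
        status=0
        while IFS= read -r path; do
            verdict=$(check_bash "$path")
            printf '%s\t%s\n' "$verdict" "$path"
            if [ "$verdict" = vulnerable ]; then status=1; fi
        done
        exit "$status"
    )
}

scan_all || echo "at least one bash binary needs updating" >&2
```

A verdict of "patched" covers both the warning output shown above and a bare "This was a test." line, which is what bash versions with later fixes print.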

How to patch your system

macOS

On macOS systems, open the Apple menu in the upper-left corner of your screen, and select About This Mac. In the dialog box that appears, select Software Update. The system checks to see if you require any updates and guides you through their installation.

Alternatively, you can visit Apple’s website to manually download a patch for the vulnerability.

Ubuntu, Debian, and Debian-based Linux

On Linux operating systems that use the APT package manager, such as Ubuntu and Debian, you can update bash with the following command:

sudo apt-get update && sudo apt-get install --only-upgrade bash

Running this command updates your package database with the most up-to-date information, and then installs the newest version of bash.

CentOS Linux

If you are using CentOS, you can update your bash installation using the yum package manager:

sudo yum update bash

Fedora

On Fedora systems, the yum command is slightly different. Use this command to update bash:

sudo yum -y install bash

Arch Linux

Under Arch Linux, you can use the pacman package manager to update bash, with this command:

sudo pacman -Syu

Other operating systems

If you’re using another operating system, your update method will vary. We recommend you check your operating system’s website for precise instructions and update your system as soon as possible.
