First of all, what is bash?
Bash is a *nix shell, or interpreter, which allows you to launch commands on Unix and Linux systems. It’s normally the default shell on Mac OS X and Linux computers. It is also used as a parser on web servers such as Apache. Bash was first released on June 7, 1989.
To read more on bash, visit the Wikipedia link
You can see below how Bash has evolved over the years.
So what’s the bug? Well.
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution.
And which versions of Bash are affected?
It is said that Bash 4.3 and onwards are affected, which is about 25 years of versions.
How can I test it?
If you open your shell, type this, and get “bug detected” and “shellshock”, that means you could potentially be at risk.
env x='() { :;}; echo bug detected' /bin/bash -c 'echo shellshock'
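The same test wrapped in a reusable check, as an added example that is not part of the original post. The function names, the marker variable and the list of Bash locations are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: wraps the one-line test from the post in a function.
# MARKER is a harmless string; the probe never runs anything except echo.
MARKER="bug detected"

# shellshock_status PATH
# Prints "vulnerable", "not vulnerable", "unknown" or "missing".
shellshock_status() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 0
    fi
    # Same probe as the post: a function definition followed by a trailing
    # command, stored in an environment variable. A fixed Bash ignores the
    # trailing echo; an unfixed one runs it while starting up.
    out=$(env x="() { :;}; echo $MARKER" "$shell_path" -c 'echo shellshock' 2>/dev/null) || true
    case $out in
        *"$MARKER"*) echo "vulnerable" ;;
        *shellshock*) echo "not vulnerable" ;;
        *) echo "unknown" ;;
    esac
}

# scan_shells
# Checks each Bash binary in a few common locations (assumed list) and
# prints one "path<TAB>status" line for every binary that exists.
scan_shells() {
    for candidate in /bin/bash /usr/bin/bash /usr/local/bin/bash; do
        result=$(shellshock_status "$candidate")
        [ "$result" = "missing" ] || printf '%s\t%s\n' "$candidate" "$result"
    done
}

scan_shells
```

Run it again after updating: a binary that reported "vulnerable" should report "not vulnerable" once the patched package is installed.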
So what can I do to be safe?
Since it was only just released to the public (14:00 GMT on Wednesday), only one patch has been released so far. It is not a full patch, but it will protect you to some extent.
So please go and update your system!
However easy it is, we still don’t do it as often as we should.
Around half or more of web servers are based on *nix, and most of them use the CGI module.
While it is possible that all machines can be affected, not everyone uses their system as a web server.
But do still update your system; a better, full patch will possibly be released soon.
And yes, hackers are trying to exploit it, so go on and patch your system.