The media train is in full steam today over the the CVE-2014-6271 programming flaw, better known as the “Bash Bug” or “Shellshock” – the original problem was disclosed on Wednesday via this post. Firstly this issue exploits bash environment variables in order to execute arbitrary commands; a simple check for this per the Red Hat security blog is the following:
env x='() { :;}; echo vulnerable’ bash -c “echo this is a test”
If you see an error:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x’