Bash or the Bourne again shell is a Unix like shell which is widely used to control the command prompt on many Linux computers. The vulnerability arises from the ability to operate/create a environment variables with specially-crafted values before calling the bash shell. If bash is configured to as the default system shell, the vulnerability can be triggered by a network–based attackers who can use it to Execute codes/commands to attack servers and devices operating on Linux and Unix OS. leaving behind a backdoor for future attacks in the worst cases. What “Bash bug Could do ? A crafted web request targeting a vulnerable CGI application could launch code/command on the server. Similar attacks are possible via OpenSSH, which could allow even restricted secure shell sessions to bypass controls and execute code on the server. DHCP clients invoke shell scripts to configure the system, with values taken from a potentially malicious server. This would allow arbitrary commands to be run, typically as root, on the DHCP client machine. while these are only few of the examples this bug is capable of doing much more. Why could be Bash Bug a Bigger Threat then Heartbleed ? “Heartbleed”, the bug which resided in the production versions of OpenSSL allowed attackers to extract user ids/data travelling between the servers and the end users. while the bash bug could lead an attacker to have full control over the system. The “Bash Bug” has been present in enterprise Linux software from years and affects versions 1.14 through 4.3 of GNU Bash. Red Hat and Fedora have already issued a patch for the bug. Mac OS X is also effected by the bug, a patch is yet to be released by Apple, though it has just issued an update to “command line tools.” To check if your Linux or Unix system is Vulnerable: Type following in a command line In case your system is vulnerable it will show output as: this is a test
