Login Form

shellshock bash vulnerability on Debian Squeeze?

First, check to see if your box is vulnerable. Cut/paste this to your command line:

env x='() { :;}; echo "WARNING: SHELLSHOCK DETECTED"' \
bash --norc -c ':' 2>/dev/null;

If you get a response like:

WARNING: SHELLSHOCK DETECTED

As I did in Squeeze, you have the vulnerability. You'll have to update your repositories to the LTS version to get the updates, by commenting out your current repository lines starting with 'deb' in your /etc/apt/sources.list file and then adding these:

deb http://http.debian.net/debian/ squeeze main contrib non-free
deb-src http://http.debian.net/debian/ squeeze main contrib non-free
deb http://security.debian.org/ squeeze/updates main contrib non-free
deb-src http://security.debian.org/ squeeze/updates main contrib non-free
deb http://http.debian.net/debian squeeze-lts main contrib non-free
deb-src http://http.debian.net/debian squeeze-lts main contrib non-free

Now you should update your local cache and install the upgraded bash (their servers are slow now because everyone's updating, so just pull down the bash one for bandwidth's sake):

apt-get update && apt-get install --only-upgrade bash