A vulnerability has been discovered in GNU bash. It allows an attacker to cause remote execution of arbitrary code.

A critical-level security advisory has been issued for Linux systems concerning a flaw in ‘bash’.

To check whether a system is vulnerable, run the following command:

env VAR='() { 0; }; echo danger' bash -c "echo hello"

When the installed version of bash is vulnerable, the following output is obtained:

danger
hello

After applying the security patch, the same command should produce the following output:

bash: warning: VAR: ignoring function definition attempt
bash: error importing function definition for `VAR'
hello
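
The check above can be wrapped in a small script that tests every copy of bash on a host, since a system may carry more than one binary. This is an added example, not part of the original advisory; the function names classify_output and check_bash and the script name in the usage comment are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the original advisory.
# Usage: sh check_bash.sh /bin/bash /usr/local/bin/bash ...

# classify_output TEXT: decide from the combined output of the test command.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'danger'; then
        echo "vulnerable"        # the text after the function body was executed
    elif printf '%s\n' "$1" | grep -qx 'hello'; then
        echo "not vulnerable"    # only the requested command ran
    else
        echo "unknown"           # the binary did not run the test command at all
    fi
}

# check_bash PATH: run the advisory's test against one specific binary.
check_bash() {
    if [ ! -x "$1" ]; then
        echo "unknown"
        return 0
    fi
    # stderr is captured too, so the patched warning lines are part of $out
    out=$(env VAR='() { 0; }; echo danger' "$1" -c "echo hello" 2>&1) || true
    classify_output "$out"
}

# Report one line per binary named on the command line.
for bin in "$@"; do
    printf '%s: %s\n' "$bin" "$(check_bash "$bin")"
done
```

Matching whole lines keeps the patched warning text, which mentions only the variable name, from being mistaken for the "danger" marker.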

Exploitation of the vulnerability is trivial.

More information: CVE-2014-6271