eanbowman@eanbowman:~$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
eanbowman@eanbowman:~$

That’s what a patched bash shell should look like. To test your own, open up a console and type:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you see the line “vulnerable” in the output, the echo trailing the function definition is being run when bash imports the variable, and your bash shell is vulnerable.
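To run the same check against every bash binary on a host instead of only the one first in your PATH, the script below is an added example, not part of the original post. The function names and the use of /etc/shells to find extra copies of bash are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit each bash binary on this host with the probe shown above.

# Classify captured probe output. The word "vulnerable" appears on a line of
# its own only if the text trailing the function definition was executed.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo patched
    else
        echo unknown    # the shell did not run the test command at all
    fi
}

# Run the page's probe against one specific shell binary ($1).
probe_bash() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>&1) || true
    classify_output "$out"
}

# Candidate binaries: bash on PATH plus any bash listed in /etc/shells
# (assumption: extra copies, if any, are registered there).
list_bashes() {
    {
        command -v bash || true
        if [ -r /etc/shells ]; then grep '/bash$' /etc/shells || true; fi
    } | sort -u
}

# Print one "path<TAB>verdict" line per executable candidate.
audit_bashes() {
    list_bashes | while IFS= read -r b; do
        if [ -x "$b" ]; then
            printf '%s\t%s\n' "$b" "$(probe_bash "$b")"
        fi
    done
}

audit_bashes
```

Any line reporting `vulnerable` points at a binary that still needs the distribution update.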

An update to bash is already available for most major distributions:

  1. Novell/SUSE
  2. Debian
  3. Ubuntu
  4. Red Hat/Fedora
  5. Mageia
  6. CentOS

By Lilithe