Shellshock Bug Fix MTP

Document created by Charles_Nack Employee on Sep 26, 2014Last modified by Charles_Nack Employee on Oct 1, 2014
Version 2Show Document
  • View in full screen mode

For information on keeping your MTP up to date on security fixes please see

Tech Tip: Checking backported security fixes on an Multi-port Monitor


Tech Doc link: TEC618171

How to determine if your version of bash is vulnerable:

To test if your version of Bash is vulnerable to this issue, run the following command:
     $ env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
If the output of the above command looks as follows:
this is a test

you are using a vulnerable version of Bash.

The patches used to fix this issue ensure that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:
     $ env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test



If you are affected by this please download the patch from:


For more info :
Bug 1141597 – CVE-2014-6271 bash: specially-crafted environment variables can be used to inject shell commands

and your OS vendor's vulnerability sites.

Any questions please contact CA Support for further assistance.