I'm not an expert, but as I understand it, https://shellshock.detectify.com can only check if your box is exposed to the internet. So if you have an un-patched bash but you are, for example, protected by a firewall, your un-patched bash wouldn't be detected.
The site mentioned in the earlier post - http://www.engadget.com/2014/09/25/what-is-the-shellshock/ is probably better, because it checks the actual bash vulnerability. But that's still not the entire story. Here's a link to another article discussing patches that solve only part of the problem and explains how to check if you have the latest patch: http://www.zdnet.com/shellshock-better-bash-patches-now-available-7000034115/ On Sat, 27 Sep 2014 16:49:47 +0300 Erez D <erez0...@gmail.com> wrote: > On Sat, Sep 27, 2014 at 4:37 PM, Dolev Farhi <dol...@yahoo.com> wrote: > > > Yes its all over the place. > > > that is why I was suprised it was not mentioned in linux-il ;-) > > > > > > > For people with web sites, you can use the following online > > shellshock tester website to check if you are vulnerable in the > > following url: > > > > https://shellshock.detectify.com > > > > > > > > ------ Original message------ > > > > *From: *Erez D > > > > *Date: *Sat, Sep 27, 2014 16:25 > > > > *To: *linux-il; > > > > *Subject:*shell shock > > > > > > just read about the "new linux bug" in ynet > > found out it is a bash exploit > > > > just fyi, > > > > see http://www.engadget.com/2014/09/25/what-is-the-shellshock/ > > > > -- Shlomo Solomon http://the-solomons.net Sent by Claws Mail 3.9.0 - KDE 4.10.5 - LINUX Mageia 3 _______________________________________________ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
