Shellshock Vulnerability test

There is a Shellshock Vulerability test now available on F-Droid: Shellshock Vulnerability Scan (Scan for Shellshock vulnerability) - Shellshock Vulnerability Scan | F-Droid - Free and Open Source Android App Repository

So, what’s the result when running this on FairPhone?
I expect it’s not vulnerable due there not being a bash on there but being sure saves a lot of people installing another app :slight_smile:

1 Like

I’ve installed and run.

So I would say we’re all safe unless you have a drastically different install running

3 Likes

CM 11 probably isn’t safe. And maybe someone did manage to install bash on their FP OS :wink: @madde

CM 11 M10 in FP1

Pretty much as expected.
The good news is that an out of the box FP install isn’t vulnerable, and I expect that people installing bash apps or CM are more advanced users who know what they’re doing.

It seems that even advanced users don’t know how to bypass the shellshock issue. I guess you wouldn’t even noticed if someone is accessing your shell from outside and running code from there.
Or is there a way to avoid this in CM11? Because this is the main reason which prevented me from installing it on my device.

so far I tried to update bash manually, but have been unsuccesful so far. I don’t really have the time right now to try any further but anyone interested should seek help at the xda or official cyanogenmod forums. If you found a fix, I’d be very happy to hear about it.
As the CM team has stated: “The default shell is not BASH & remote exploit vector is limited.

If you are looking for a collection of Android security checks, go to:

Also see: