SF-LUG - Shell Shock BASH vulnerability
Bobbie Sellers
bliss-sf4ever at dslextreme.com
Thu Sep 25 21:54:58 PDT 2014
Hi Luggers,
Just occurred to me that few people depending on the mailing list may
have heard about this.
So far most of the active distributions have supplied an update.
The test for the flaw in protection is too open a shell and
type or copy the following line.
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
This is what I get after my update to bash earlier today.
[bliss at hpnotebox ~]$ env x='() { :;}; echo vulnerable' bash -c "echo
this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
[bliss at hpnotebox ~]$
So please check your shell if you haven't done so already and
take the bash update from your distribution's repositories.
Bobbie Sellers
More information about the sf-lug
mailing list