Dear Experts,
I was wondering if it could be a good workaround to link /bin/sh to tcsh
instead of bash. I'm not using bash at all but probably something in the
system is so do you know some contraindication on a system with apache
and SVN servers?
Thanks
Walter
On Wed, 24 Sep 2014, Patrick O'Callaghan wrote:
http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-sec...
From the article:
The vulnerability affects versions 1.14 through 4.3 of GNU Bash. [...]
To check your system, from a command line, type:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the system is vulnerable, the output will be:
vulnerable
this is a test
An unaffected (or patched) system will output:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
I tried it and got the positive (vulnerable) result.
Can we assume a patched version of Bash will be released shortly?
poc
--