Heads up: possible BASH security vulnerability
Patrick O'Callaghan
pocallaghan at gmail.com
Wed Sep 24 22:56:34 UTC 2014
http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
>From the article:
The vulnerability affects versions 1.14 through 4.3 of GNU Bash. [...]
To check your system, from a command line, type:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the system is vulnerable, the output will be:
vulnerable
this is a test
An unaffected (or patched) system will output:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
I tried it and got the positive (vulnerable) result.
Can we assume a patched version of Bash will be released shortly?
poc
More information about the users
mailing list