"Shellshock" bash bug
Kevin O'Gorman
kogorman at gmail.com
Fri Sep 26 15:43:33 UTC 2014
There has been a code-injection vulnerability in bash for the last 22
years, recently discovered and named "Shellshock". It's nasty.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
Here's a quick one-liner to see if you're vulnerable:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
$
If you get that result, update your bash from the repositories, and all
should be well:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
$
Safe computing to all
--
Kevin O'Gorman
#define QUESTION ((bb) || (!b)) /* Shakespeare */
Please consider the environment before printing this email.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20140926/b0fe2bb8/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 441 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20140926/b0fe2bb8/attachment.gif>
More information about the ubuntu-users
mailing list