"Shellshock" bash bug
NoOp
glgxg at sbcglobal.net
Fri Sep 26 18:44:12 UTC 2014
On 09/26/2014 08:43 AM, Kevin O'Gorman wrote:
> There has been a code-injection vulnerability in bash for the last 22
> years, recently discovered and named "Shellshock". It's nasty.
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
>
> Here's a quick one-liner to see if you're vulnerable:
> $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> vulnerable
> this is a test
> $
>
> If you get that result, update your bash from the repositories, and all
> should be well:
> $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> bash: warning: x: ignoring function definition attempt
> bash: error importing function definition for `x'
> this is a test
> $
>
> Safe computing to all
Updates were pushed out yesterday & this morning:
Ubuntu Security Notice USN-2363-1
September 25, 2014
Ubuntu Security Notice USN-2363-2
September 26, 2014
(2363-1 didn't work for 14.04, this is the fix for that)
More information about the ubuntu-users
mailing list