"Shellshock" bash bug
Colin Law
clanlaw at gmail.com
Fri Sep 26 21:17:06 UTC 2014
On 26 September 2014 16:43, Kevin O'Gorman <kogorman at gmail.com> wrote:
> There has been a code-injection vulnerability in bash for the last 22
> years, recently discovered and named "Shellshock". It's nasty.
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
>
I don't fully understand the description. I have a system that cannot be
updated that has an ssh port open to the internet, with access by keys
only. Is that system vulnerable to attack?
Colin
>
> Here's a quick one-liner to see if you're vulnerable:
> $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> vulnerable
> this is a test
> $
>
> If you get that result, update your bash from the repositories, and all
> should be well:
> $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> bash: warning: x: ignoring function definition attempt
> bash: error importing function definition for `x'
> this is a test
> $
>
> Safe computing to all
>
>
> --
> Kevin O'Gorman
> #define QUESTION ((bb) || (!b)) /* Shakespeare */
>
> Please consider the environment before printing this email.
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20140926/50fdcf39/attachment.html>
More information about the ubuntu-users
mailing list