"Shellshock" bash bug

Gene Heskett gheskett at wdtv.com
Sat Sep 27 00:31:07 UTC 2014 

On Friday 26 September 2014 17:17:06 Colin Law did opine
And Gene did reply:
> On 26 September 2014 16:43, Kevin O'Gorman <kogorman at gmail.com> wrote:
> > There has been a code-injection vulnerability in bash for the last 22
> > years, recently discovered and named "Shellshock".  It's nasty.
> > http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
> 
> I don't fully understand the description.  I have a system that cannot
> be updated that has an ssh port open to the internet, with access by
> keys only.  Is that system vulnerable to attack?
> 
> Colin
> 
Top posting, bah! Read the rest of the message below, open a terminal

> > Here's a quick one-liner to see if you're vulnerable:
> > $ env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
> > vulnerable

And enter into the terminal from the keyboard, the above line starting 
with "env", to the end at 'test"', duplicating the quotation marks etc you 
see above.

Then hit enter and you should get the vulnerable return if you are, or the 
bash error shown below, ending in the last line 'this is a test'.  That 
response says you are not vulnerable.

> > this is a test
> > $
> > 
> > If you get that result, update your bash from the repositories, and
> > all should be well:
> > $ env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
> > bash: warning: x: ignoring function definition attempt
> > bash: error importing function definition for `x'
> > this is a test
> > $
> > 
> > Safe computing to all
> > 
> > 
> > --
> > Kevin O'Gorman
> > #define QUESTION ((bb) || (!b))  /* Shakespeare */
> > 
> > Please consider the environment before printing this email.
> > 
> > --
> > ubuntu-users mailing list
> > ubuntu-users at lists.ubuntu.com
> > Modify settings or unsubscribe at:
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-users


Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS

More information about the ubuntu-users mailing list