"Shellshock" bash bug
Colin Law
clanlaw at gmail.com
Sat Sep 27 10:09:21 UTC 2014
On 27 September 2014 11:05, Graham Watkins <shellycat.gw at ntlworld.com> wrote:
> On 26/09/14 16:43, Kevin O'Gorman wrote:
>>
>> There has been a code-injection vulnerability in bash for the last 22
>> years, recently discovered and named "Shellshock". It's nasty.
>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
>>
>> Here's a quick one-liner to see if you're vulnerable:
>> $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>> vulnerable
>> this is a test
>> $
>>
>> If you get that result, update your bash from the repositories, and all
>> should be well:
>> $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>> bash: warning: x: ignoring function definition attempt
>> bash: error importing function definition for `x'
>> this is a test
>> $
>>
>> Safe computing to all
>>
>>
>> --
>> Kevin O'Gorman
>> #define QUESTION ((bb) || (!b)) /* Shakespeare */
>>
>> Please consider the environment before printing this email.
>>
>>
>>
>>
> The result I get is:
>
> "$: command not found"
You were not supposed to copy the $, just from env
In the terminal you normally see $ at the point where you type the command.
Colin
More information about the ubuntu-users
mailing list