"Shellshock" bash bug
Graham Watkins
shellycat.gw at ntlworld.com
Sat Sep 27 12:48:35 UTC 2014
On 27/09/14 13:23, Kevin O'Gorman wrote:
> On my Xubuntu, with freshly installed GNU bash, version
> 4.3.11(1)-release (x86_64-pc-linux-gnu) from bash package version
> 4.3-7ubuntu1.3, I get instead an error message as I showed originally.
> Bash remarks that it's refusing to honor the function definition, and
> reports it as an error. Then it outputs the "this is a test" thing.
>
> For some reason, you're skipping that step. Be careful about the quotes
> and such.
>
> On Sat, Sep 27, 2014 at 4:07 AM, Colin Law <clanlaw at gmail.com
> <mailto:clanlaw at gmail.com>> wrote:
>
> On 27 September 2014 11:57, Graham Watkins
> <shellycat.gw at ntlworld.com <mailto:shellycat.gw at ntlworld.com>> wrote:
> >
> >> You were not supposed to copy the $, just from env
> >> In the terminal you normally see $ at the point where you type the
> >> command.
> >>
> >> Colin
> >>
> >
> > Silly me. Thanks.
> >
> > Now I'm getting:
> >
> > env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> > this is a test
> >
> > I take it this means I'm clean. Updates have given me a new bash twice this
> > week,
>
> Yes, that is good.
>
> Colin
>
> --
> ubuntu-users mailing list
> ubuntu-users at lists.ubuntu.com <mailto:ubuntu-users at lists.ubuntu.com>
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
>
>
>
> --
> Kevin O'Gorman
> #define QUESTION ((bb) || (!bb)) /* Shakespeare */
>
> Please consider the environment before printing this email.
>
>
>
>
For what it's worth, I did not get that error message. What I quoted was
exactly the terminal output I got.
Cheers,
Graham
More information about the ubuntu-users
mailing list