[PLUG] cross-platform bash vulnerability widespread
Bynoe, RonaldX J
ronaldx.j.bynoe at intel.com
Thu Sep 25 16:23:23 UTC 2014
It looks like Ubuntu (and Debian by extension) patched it as well, I ran the test before and after an apt-get upgrade and got this output:
ronald at paragon:~$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
ronald at paragon:~$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
Pleasantly,
Ronald Bynoe
________________________________________
From: plug-bounces at lists.pdxlinux.org [plug-bounces at lists.pdxlinux.org] on behalf of Rich Shepard [rshepard at appl-ecosys.com]
Sent: Thursday, September 25, 2014 9:14 AM
To: Portland Linux/Unix Group
Subject: Re: [PLUG] cross-platform bash vulnerability widespread
On Thu, 25 Sep 2014, Damo Gets wrote:
> Long story short, if you can execute this shell command:
Damo,
Slackware's dev team released a patched version yesterday evening. I'm
upgrading all systems here.
Rich
_______________________________________________
PLUG mailing list
PLUG at lists.pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
More information about the PLUG
mailing list