[PLUG] cross-platform bash vulnerability widespread

Fred James fredjame at fredjame.cnc.net
Thu Sep 25 16:35:19 UTC 2014


Damo Gets wrote:
>    I would strongly recommend visiting the following link:
> http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
>
>    Long story short, if you can execute this shell command:
>
> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>
> and receive a successful execution (giving you the output:
> 'vulnerable\nthis is a test'), then you are vulnerable to the bash
> exploit that's just been discovered.
>
>    I was pretty surprised to realize that even my OpenBSD machine,
> running bash only from an outside package from the ports collection to
> keep my luddite users happy was vulnerable to this exploit.  It's a
> pretty serious concern; this is not limited to just Linux.  Any *NIX
> machine is vulnerable.  Hell, probably even cygwin.  I just tested a
> hackintosh running OS/X and it's vulnerable there, too.  :P
>
>    Heads up, sys- & net- admins.
>
> -Damo
>
Mageia pushed an update for the problem yesterday.

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
$
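
Building on the probe quoted above, this sketch (an added example, not part of either poster's message) runs it against every bash binary found on $PATH or listed in /etc/shells, since a bash installed from ports or packages can sit beside the system shell. The function names and verdict labels are illustrative, and a NOT_VULNERABLE verdict covers this one probe only.

```shell
#!/bin/sh
# Added example: run the thread's probe against every bash on this host.

# Run the probe quoted in the thread against one bash binary ($1).
run_probe() {
    env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>&1
}

# Classify probe output ($1). A line reading exactly "vulnerable" means the
# injected command ran; NOT_VULNERABLE applies to this probe only.
classify_probe() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo VULNERABLE
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        echo NOT_VULNERABLE
    else
        echo UNKNOWN
    fi
}

# List candidate binaries: "bash" in each $PATH directory plus /etc/shells.
find_bashes() {
    (
        set -f; IFS=:            # subshell: changes do not leak to the caller
        for dir in $PATH; do
            if [ -x "$dir/bash" ]; then echo "$dir/bash"; fi
        done
        if [ -r /etc/shells ]; then grep '/bash$' /etc/shells; fi
    ) | sort -u
}

# Print "<path><TAB><verdict>" for each bash binary found.
check_all_bashes() {
    find_bashes | while read -r b; do
        [ -x "$b" ] || continue
        printf '%s\t%s\n' "$b" "$(classify_probe "$(run_probe "$b")")"
    done
}

check_all_bashes
```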


