[PLUG] ALL BASH RELEASES STILL VULNERABLE [Re: cross-platform bash vulnerability widespread]
Micah Cowan
micah at addictivecode.org
Thu Sep 25 20:44:42 UTC 2014
At least one person had different (but still rather wrong-looking) results
for that example (which is the one from CVE-2014-7169's cited links); I've
seen another one being passed around with a moderately different syntax, so
give it a try too:
V='() { function a a>\' bash -c 'iam-vulnerable';ls iam-vulnerable;rm -f
iam-vulnerable
(if it's not clear, the backslash there is a literal backslash, they don't
quote things in single-quote-mode. Also, despite the fact that the word
"env" is missing from the example, be assured it is setting V in the
environment. "VAR=foo cmd..." is a portable sh way to set cmd's env just
prior to executing it (without affecting anything in the outer/interactive
shell).)
-mjc
On Thu, Sep 25, 2014 at 12:31 PM, Micah Cowan <micah at addictivecode.org>
wrote:
> Sorry, that should be:
>
> $ env X='() { (a)=>\' bash -c "echo date"; cat echo
>
> The previous version obviously only works if your sh is bash, obviously.
>
> -mjc
>
> On Thu, Sep 25, 2014 at 12:25 PM, Micah Cowan <micah at addictivecode.org>
> wrote:
>
>> > $ env X='() { (a)=>\' sh -c "echo date"; cat echo
>>
>
More information about the PLUG
mailing list