[lp-br-sp] [AVISO] Remote Exploit Vulnerability Found In Bash

libreplanet-br-sp

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lp-br-sp] [AVISO] Remote Exploit Vulnerability Found In Bash

From:	Sergio Durigan Junior
Subject:	[lp-br-sp] [AVISO] Remote Exploit Vulnerability Found In Bash
Date:	Wed, 24 Sep 2014 15:32:10 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

Opa,

  <http://seclists.org/oss-sec/2014/q3/650>

Já atualizei nosso servidor com o pacote que tem o fix (já saiu no
Debian).

Se quiserem verificar se o seu bash tem o bug (bem provável):

  env x='() { :;}; echo vulnerable' bash -c "test"

Você deve ver uma saída do tipo:

  bash: warning: x: ignoring function definition attempt
  bash: error importing function definition for `x'
  test

Se conseguir ver o "vulnerable", está afetado.

Falou,

-- 
Sergio
GPG key ID: 0x65FC5E36
Please send encrypted e-mail if possible
http://sergiodj.net/

[Prev in Thread]

Current Thread

[Next in Thread]

[lp-br-sp] [AVISO] Remote Exploit Vulnerability Found In Bash, Sergio Durigan Junior <=
- Re: [lp-br-sp] [AVISO] Remote Exploit Vulnerability Found In Bash, Gabriel Krisman Bertazi, 2014/09/24
  - Re: [lp-br-sp] [AVISO] Remote Exploit Vulnerability Found In Bash, Gabriel Krisman Bertazi, 2014/09/24
- Re: [lp-br-sp] [AVISO] Remote Exploit Vulnerability Found In Bash, Sergio Durigan Junior, 2014/09/25
  - Re: [lp-br-sp] [AVISO] Remote Exploit Vulnerability Found In Bash, Sergio Durigan Junior, 2014/09/25

Prev by Date: Re: [lp-br-sp] Plataforma MediaGoblin
Next by Date: Re: [lp-br-sp] [AVISO] Remote Exploit Vulnerability Found In Bash
Previous by thread: [lp-br-sp] Appmaker
Next by thread: Re: [lp-br-sp] [AVISO] Remote Exploit Vulnerability Found In Bash
Index(es):
- Date
- Thread