[lp-ca-on] [WARN] Remote code execution through bash

libreplanet-ca-on

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lp-ca-on] [WARN] Remote code execution through bash

From:	Sergio Durigan Junior
Subject:	[lp-ca-on] [WARN] Remote code execution through bash
Date:	Wed, 24 Sep 2014 17:28:51 -0400
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/24.3 (gnu/linux)

Hey,

Not sure how many of you track security vulnerabilities and such, so I
thought it'd be best to warn :-).

  <http://seclists.org/oss-sec/2014/q3/650>

This is a bash vulnerability that has been found, and affect most bash
users.  To test if your bash is compromised, you can use this simple
command:

  env x='() { :;}; echo vulnerable' bash -c "test"

You should see something like:

  bash: warning: x: ignoring function definition attempt
  bash: error importing function definition for `x'
  test

If not, then you should update your bash.  Debian is already offering
the update, and I am still waiting for Fedora.

Cheers,

-- 
Sergio
GPG key ID: 0x65FC5E36
Please send encrypted e-mail if possible
http://sergiodj.net/

[Prev in Thread]

Current Thread

[Next in Thread]

[lp-ca-on] [WARN] Remote code execution through bash, Sergio Durigan Junior <=
- Re: [lp-ca-on] [WARN] Remote code execution through bash, Sergio Durigan Junior, 2014/09/25
  - Re: [lp-ca-on] [WARN] Remote code execution through bash, Blaise Alleyne, 2014/09/25
    - Re: [lp-ca-on] [WARN] Remote code execution through bash, Sergio Durigan Junior, 2014/09/25

Prev by Date: Re: [lp-ca-on] Starting phase #1
Next by Date: Re: [lp-ca-on] [WARN] Remote code execution through bash
Previous by thread: [lp-ca-on] Starting phase #1
Next by thread: Re: [lp-ca-on] [WARN] Remote code execution through bash
Index(es):
- Date
- Thread