Re: Bash vulnerable

To: Lista Debian <debian-user-spanish@lists.debian.org>
Subject: Re: Bash vulnerable
From: Guido Ignacio <guidoignacio@gmail.com>
Date: Thu, 25 Sep 2014 11:49:11 -0300
Message-id: <[🔎] CA+wiXxgWUwogmtPqazwV-vNMs+0ybcZUSn+Ti2jDQHWj2U2R0w@mail.gmail.com>
In-reply-to: <[🔎] 542423E2.8020903@gmail.com>
References: <[🔎] 542423E2.8020903@gmail.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

2014-09-25 11:17 GMT-03:00 ciracusa :
> Hola Lista,
>
> Alguien leyo algo de esta vulnerabilidad en BASH:
>
> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>
> Muchas Gracias.
>
> Salu2.
>

Acá el PoC de la vulnerabilidad [1]

[1] http://blog.segu-info.com.ar/2014/09/grave-vulnerabilidad-en-bash-y-otros.html
-----BEGIN PGP SIGNATURE-----
Version: OpenPGP.js v0.5.1
Comment: http://openpgpjs.org

wsBcBAEBCAAQBQJUJCtdCRDP17wMFuiP8AAAzHEH/0at+acGXVr9iJq2aC4y
RbUibML7UZ06WhplhhIL/8+hREWjnl7GyB+jR5xV9rfmAeGMIXfTffbEtzEh
winp+Cb57d8NXtibiPBEx5NcCezjdfi1p7ATShNHhlMmZUGemq3B53iFbs+f
QmYJH8VP1y9I6jxWXMykpKGEqfQn98NzwLl3Kz5ki2gsr7D9Jr9STD60W+E0
vUADm+lMBO77tvuqSfvzVpA2p230vruq9tfGlC8UIDWkaYUcWrTJp0T1q1qY
B/ecB44Xu+8sGcz9HZXe7tNXF/T4D9lyloTjTyruQLzrCBhRPuHfr0RNxRCL
YHKBVuvuOtj7gJe3gdRqMFo=
=UWEC
-----END PGP SIGNATURE-----

Reply to:

References:
- Bash vulnerable
  - From: ciracusa <ciracusa@gmail.com>

Prev by Date: Re: Problema en la validación de usuarios en Roundcube utilizando Postfix+Dovecot+LDAP sobre Debian 7
Next by Date: Re: Problema en la validación de usuarios en Roundcube utilizando Postfix+Dovecot+LDAP sobre Debian 7
Previous by thread: Re: Bash vulnerable
Next by thread: Re: Bash vulnerable
Index(es):
- Date
- Thread