Re: Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271
On Wed, 24 Sep 2014 16:25:58 -0500
John Hasler <jhasler@newsguy.com> wrote:
[snip]
> Package : bash
> CVE ID : CVE-2014-6271
>
> Stephane Chazelas discovered a vulnerability in bash,
[snip]
> For the stable distribution (wheezy), this problem has been fixed in
> version 4.2+dfsg-0.1+deb7u1.
[snip]
>
> frequently asked questions can be
> found at: https://www.debian.org/security/
Festive!
The instructions (specifically apt-get update && apt-get upgrade) fixed
my problem, as shown below!
slitt@mydesq2:~$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
slitt@mydesq2:~$
Thank you! I was worried about that.
SteveT
Steve Litt * http://www.troubleshooters.com/
Troubleshooting Training * Human Performance
Reply to: