Re: Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271)
By default I have seemingly assumed sysadmin
duties for a host running Debian 6.0.7 (squeeze). So (not having done a
lot of this before) ...
1) the system bash is vulnerable
> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
2) bash is version 4.1.5
host: bash --version
GNU bash, version 4.1.5(1)-release (i486-pc-linux-gnu)
3) There are no upgrades
$ apt-get install bash
Reading package lists... Done
Building dependency tree
Reading state information... Done
bash is already the newest version.
Would you mind recommending how best
I should proceed?
Thank you,
Joe Loiacono