On Sep 26, 2014 11:56 AM, "Harry Putnam" <reader@newsguy.com> wrote:
>
> After an `aptitude full-upgrade' this morning. I still get the
> `VULNERABLE' answer to `x='() { :;}; echo VULNERABLE' bash -c :'
>
> I hope that is the correct string... (extracted while googling on
> vulnerability)
>
> I did ssh to my user from the same shell I ran aptitude in to make
> sure I had a new login... but I still see `Vulnerable' in answer to
> the string above.
>
> Incidentally I get that same `Vulnerable' answer to `ksh' as well.
> After googling a bit about ksh... I haven't really found solid info
> about whether ksh is a problem too.
>
> I was a little surprised to see so little mention of this bash
> thing here too.
>
> Is this bash vulnerability not really a major concern?
I just upgraded my testing system and the vulnerability went away.
Patrick