Author Topic: bash vulnerability!  (Read 1578 times)

uporna_neznalica

  • Sr. Member
  • ****
  • Posts: 450
bash vulnerability!
« on: September 25, 2014, 10:14:17 am »
http://seclists.org/oss-sec/2014/q3/650

Takodje
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
Quote
You can check if you're vulnerable by running the following lines in your default shell, which on many systems will be Bash. If you see the words "busted", then you're at risk. If not, then either your Bash is fixed or your shell is using another interpreter.
Code: [Select]
env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
env X="() { :;} ; echo busted" `which bash` -c "echo completed"

ksh, naravno, nije pogodjena...

Zeleni_Obad

  • Administrator
  • Hero Member
  • *****
  • Posts: 969
    • BSDSrbija
Re: bash vulnerability!
« Reply #1 on: September 25, 2014, 11:03:36 am »

Code: [Select]
uname -rms ; pkg_add bash ; env X="() { :;} ; echo busted" `which bash` -c "echo completed"
OpenBSD 5.5 amd64
bash-4.2.45p0: ok
busted
completed

Naravno, nije zgoreg poznavati vlastiti server, i znati u svakom momentu da li mozda nesto od instaliranih stvari koje su ranjive ipak trazi bash kao dependency...