Author Topic: bash vulnerability!  (Read 1718 times)


  • Sr. Member
  • ****
  • Posts: 450
bash vulnerability!
« on: September 25, 2014, 10:14:17 am »

You can check if you're vulnerable by running the following lines in your default shell, which on many systems will be Bash. If you see the words "busted", then you're at risk. If not, then either your Bash is fixed or your shell is using another interpreter.
Code: [Select]
env X="() { :;} ; echo busted" /bin/sh -c "echo completed"
env X="() { :;} ; echo busted" `which bash` -c "echo completed"

ksh, naravno, nije pogodjena...


  • Administrator
  • Hero Member
  • *****
  • Posts: 969
    • BSDSrbija
Re: bash vulnerability!
« Reply #1 on: September 25, 2014, 11:03:36 am »

Code: [Select]
uname -rms ; pkg_add bash ; env X="() { :;} ; echo busted" `which bash` -c "echo completed"
OpenBSD 5.5 amd64
bash-4.2.45p0: ok

Naravno, nije zgoreg poznavati vlastiti server, i znati u svakom momentu da li mozda nesto od instaliranih stvari koje su ranjive ipak trazi bash kao dependency...