Wedge

Public area => The Pub => Off-topic => Topic started by: Pandos on September 25th, 2014, 02:34 PM

Title: Remote code execution through bash!
Post by: Pandos on September 25th, 2014, 02:34 PM

It's possible to execute remote code through bash.
This is a major security vulnerability.
Please update your distros (if you are root). :)

e.g. Debian:
apt-get update
and then:
apt-get dist-upgrade

Full message:
http://www.openwall.com/lists/oss-security/2014/09/24/11

Title: Re: Remote code execution through bash!
Post by: Bunstonious on September 25th, 2014, 02:41 PM

Thanks for the heads-up.

Title: Re: Remote code execution through bash!
Post by: Johnny54 on September 25th, 2014, 03:25 PM

First released patches not good enough.
https://access.redhat.com/articles/1200223

Title: Re: Remote code execution through bash!
Post by: Jurien on September 25th, 2014, 06:18 PM

You could check your system if it's vulnerable or not,from a command line, type:

Code: [Select]

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

Quote

vulnerable
this is a test

An unaffected (or patched) system will output:

Quote

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
 this is a test