Wedge

Public area => The Pub => Off-topic => Topic started by: Pandos on September 25th, 2014, 02:34 PM

Title: Remote code execution through bash!
Post by: Pandos on September 25th, 2014, 02:34 PM
It's possible to execute remote code through bash.
This is a major security vulnerability.
Please update your distros (if you are root). :)

e.g. Debian:
apt-get update
and then:
apt-get dist-upgrade

Full message:
http://www.openwall.com/lists/oss-security/2014/09/24/11
Title: Re: Remote code execution through bash!
Post by: Bunstonious on September 25th, 2014, 02:41 PM
Thanks for the heads-up.
Title: Re: Remote code execution through bash!
Post by: Johnny54 on September 25th, 2014, 03:25 PM
First released patches not good enough.
https://access.redhat.com/articles/1200223
Title: Re: Remote code execution through bash!
Post by: Jurien on September 25th, 2014, 06:18 PM
You could check your system if it's vulnerable or not,from a command line, type:
Code: [Select]
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:
Quote
vulnerable
this is a test
An unaffected (or patched) system will output:
Quote
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
 this is a test