Re: [SLUG] patch your bash shells now

Thu, 25 Sep 2014 23:48:08 -0700 

Menno I believe that is the old test, not entirely accurate.

This one is supposed to be more accurate.

rm -f echo; env X='() { (a)=>\' bash -c "echo date"; cat echo


If you're safe it should return:
date
cat: echo: No such file or directory

I'm no BASH expert so I'm not too sure how the two tests differ in terms of
effectively detecting the vulnerability.



On Fri, Sep 26, 2014 at 3:53 PM, Menno Schaaf <amano.gi...@gmail.com> wrote:

> At a command prompt:
>
> # env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>
>  vulnerable
>  this is a test
>
>
> After updating the result should be:
>
> # env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>
>  bash: warning: x: ignoring function definition attempt
>  bash: error importing function definition for `x'
>  this is a test
>
>
> On 26 September 2014 15:47, David <da...@kenpro.com.au> wrote:
>
> > How to know I have the secure version?
> >
> >
> > root@debian-wheezy:~# bash --version
> > GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu)
> >
> > root@ubuntu-12.04:~# bash --version
> > GNU bash, version 4.2.25(1)-release (x86_64-pc-linux-gnu)
> >
> > both upgraded for the second time today, just before sending this email.
> >
> >
> >
> >
> >
> >
> > On 26/09/14 14:03, Jonathan Molyneux wrote:
> >
> >> Hey SLUG,
> >>
> >> I'm sure everyone's aware of this issue.
> >> But just for the people that may have missed the fan fair yesterday:
> >> http://it.slashdot.org/story/14/09/25/236256/first-
> >> shellshock-botnet-attacking-akamai-us-dod-networks
> >>
> >> If your running debian, they re-released a patch this morning (a
> complete
> >> fix now).
> >> If you think you are not affected, YOU ARE AFFECTED, patch all your
> >> systems (this has so many vectors).
> >>
> >> Regards
> >> Jonathan
> >>
> >
> > --
> > David McQuire
> > 0418 310312
> >
> >
> > --
> > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
> >
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>



-- 
Kind Regards,

Christopher Barnes

e. chris.p.bar...@gmail.com
-- 
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html

Reply via email to