Hello Greg, thanks for the hint, this seems to be the solution. I've copied the compiled bash binary to the first directory from $PATH output and now the test is ok:
[naegele@pinie ~]$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test Regards, Ralf On Thu, 25 Sep 2014, Greg Wooledge wrote: > Date: Thu, 25 Sep 2014 16:52:19 -0400 > From: Greg Wooledge <wool...@eeg.ccf.org> > To: ralf.naeg...@she.net > Cc: bug-bash@gnu.org > Subject: Re: Bash-4.3 Official Patch 25 Bug 896776 - (CVE-2014-6271) > > On Thu, Sep 25, 2014 at 05:33:38PM +0200, ralf.naeg...@she.net wrote: > > env x='() { :;}; echo vulnerable' bash -c "echo this is a test" > > Did you *install* the patched version so that it is the first "bash" in > your PATH before running this? If not, you should specify a path to > bash (e.g. ./bash -c "echo ..."). >