On 11/9/15 6:03 AM, Muhammad Hafiz Izman Bin Ab Rahim wrote: > mhafizizman@ThinkspiratioN:~$ bash --version > GNU bash, version 4.3.0(1)-release (x86_64-unknown-linux-gnu) > Copyright (C) 2013 Free Software Foundation, Inc. > License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> > > This is free software; you are free to change and redistribute it. > There is NO WARRANTY, to the extent permitted by law. > > > mhafizizman@ThinkspiratioN:~$ env x='() { :;}; echo vulnerable' bash -c > "echo this is a test" > vulnerable > this is a test
If you built bash yourself from source, you can get all the patches from ftp.gnu.org or a gzipped tar file of the current version with all patches applied from http://git.savannah.gnu.org/cgit/bash.git/snapshot/bash-master.tar.gz If you got bash as part of your Linux distribution, you should get a patched version from your vendor. Chet -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, ITS, CWRU c...@case.edu http://cnswww.cns.cwru.edu/~chet/
