On Thu, Sep 25, 2014 at 10:53 AM, Nick Kew <[email protected]> wrote:
>> The exploit is said to be any env var value looking like
>>
>> () { something }; problematicPart
>
> That's a pattern that can be regexp-matched. The regexp
> could be hardwired in under the name "CVE-2014-6271"
> for sysops who want an easy life.
The latest news on this (CVE-2014-7169) suggests that bash's function
parser has more than this single issue, so the problematic pattern is
probably something as simple as:
( ) { problematicPart
Or as a PCRE:
^\s*\(\s*\)\s*\{.*
Regards,
Yann.
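
Added example (not part of the original message, and not httpd code): a Python check that applies the PCRE quoted above to CGI-style environment values, next to a narrower pattern for the first-described `() { something }; problematicPart` shape, to show which values only the broader prefix match catches. The narrow regex, the function names and the sample environment are assumptions constructed for illustration.

```python
import re

# Pattern quoted in the message above (PCRE syntax that Python's re also accepts).
BROAD = re.compile(r'^\s*\(\s*\)\s*\{.*')

# Assumption: a narrower pattern for the first-described shape,
# "() { something }; problematicPart" (closed body, then trailing text).
NARROW = re.compile(r'^\(\)\s*\{.*\}\s*;.+', re.DOTALL)


def classify(value):
    """Classify one environment/header value as 'narrow', 'broad-only' or 'clean'."""
    if NARROW.match(value):
        return "narrow"
    if BROAD.match(value):
        return "broad-only"
    return "clean"


def scan_environ(environ):
    """Return {name: classification} for every value that is not 'clean'."""
    flagged = {}
    for name, value in environ.items():
        verdict = classify(value)
        if verdict != "clean":
            flagged[name] = verdict
    return flagged


# Constructed CGI-style environment; the two flagged shapes are the ones
# written out in the thread, the rest are ordinary header values.
SAMPLE_ENV = {
    "HTTP_USER_AGENT": "Mozilla/5.0 (X11; Linux x86_64)",
    "HTTP_REFERER": "() { something }; problematicPart",
    "HTTP_COOKIE": "( ) { problematicPart",
    "HTTP_ACCEPT": "  () {",
    "HTTP_X_NOTE": "f() { return; }",
}

if __name__ == "__main__":
    for name, verdict in scan_environ(SAMPLE_ENV).items():
        print(f"{name}: {verdict}")
```

Anchoring at the start of the value keeps ordinary strings that merely contain parentheses, such as the User-Agent above, from being flagged.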