On Thu, Sep 25, 2014 at 10:53 AM, Nick Kew <n...@apache.org> wrote:
>> The exploit is said to be any env var value looking like
>>
>>   () { something }; problematicPart
>
> That's a pattern that can be regexp-matched.  The regexp
> could be hardwired in under the name "CVE-2014-6271"
> for sysops who want an easy life.

The latest news on this (CVE-2014-7169) suggests that bash's function
parser has more than this single issue, so the problematic pattern is
probably something as simple as:

    ( ) { problematicPart

Or as a PCRE:

    ^\s*\(\s*\)\s*\{.*

Regards,
Yann.
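
The two patterns discussed in this thread, compared over header values as an added example that is not part of the original messages. The `NARROW` regex, the function names and the sample headers are assumptions constructed for illustration; only the broad PCRE is taken from the message above.

```python
import re

# Broad pattern quoted in the message above (PCRE syntax, also valid for Python's re).
BROAD = re.compile(r"^\s*\(\s*\)\s*\{.*")

# Assumed narrow pattern for the first form, "() { something }; problematicPart":
# a closed function body, then ';' and trailing text. Not taken from the thread.
NARROW = re.compile(r"^\s*\(\s*\)\s*\{[^}]*\}\s*;.+")


def classify(value):
    """Report which of the two patterns flags one env-var or header value."""
    return {"narrow": bool(NARROW.match(value)), "broad": bool(BROAD.match(value))}


def scan(headers):
    """Return the names of headers whose value the broad pattern flags."""
    return [name for name, value in headers.items() if BROAD.match(value)]


# Constructed sample request. The flagged values reuse the placeholders
# from the thread; the other two are benign values that must not match.
SAMPLE_HEADERS = {
    "User-Agent": "Mozilla/5.0 (X11; Linux x86_64)",
    "Referer": "() { something }; problematicPart",
    "Cookie": " ( ) { problematicPart",
    "X-Note": "callback = function () { return 1 }",
}

if __name__ == "__main__":
    for name, value in SAMPLE_HEADERS.items():
        print(f"{name:12} {classify(value)}")
    print("flagged:", scan(SAMPLE_HEADERS))
```

The narrow form misses the unterminated `( ) { problematicPart` value, while the anchored broad pattern flags both and still ignores a value that only contains `() {` mid-string.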