These were tested using the env x=.... command in the Ars article.

OpenSuse 13.1 has been updated. I'm not sure when.
GNU bash, version 4.2.47(1)-release (x86_64-suse-linux-gnu)

OS X 10.9.5 is vulnerable.
GNU bash, version 3.2.51(1)-release (x86_64-apple-darwin13)

I run MobaXterm on Windows and it's also vulnerable:
GNU bash, version 4.1.10(3)-release (i686-pc-cygwin)

--
Brian

On Thu, Sep 25, 2014 at 12:35 PM, Fred James <[email protected]> wrote:

> Damo Gets wrote:
> > I would strongly recommend visiting the following link:
> >
> > http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
> >
> > Long story short, if you can execute this shell command:
> >
> > env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> >
> > and receive a successful execution (giving you the output:
> > 'vulnerable\nthis is a test'), then you are vulnerable to the bash
> > exploit that's just been discovered.
> >
> > I was pretty surprised to realize that even my OpenBSD machine,
> > running bash only from an outside package from the ports collection to
> > keep my luddite users happy was vulnerable to this exploit. It's a
> > pretty serious concern; this is not limited to just Linux. Any *NIX
> > machine is vulnerable. Hell, probably even cygwin. I just tested a
> > hackintosh running OS/X and it's vulnerable there, too. :P
> >
> > Heads up, sys- & net- admins.
> >
> > - -Damo
> >
> Mageia pushed an update for the problem yesterday
>
> $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> bash: warning: x: ignoring function definition attempt
> bash: error importing function definition for `x'
> this is a test
> $
> _______________________________________________
> PLUG mailing list
> [email protected]
> http://lists.pdxlinux.org/mailman/listinfo/plug
>

--
"Anyone who has never made a mistake has never tried anything new."
-Albert Einstein
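An added example, not part of the messages above: a small POSIX shell helper that runs the test command quoted in the thread against each bash binary given on the command line (a ports build, a Cygwin copy, the system shell) and classifies the output. The function names and the labels `patched`, `clean`, `unknown` and `missing` are assumptions made for this example; `clean` covers a bash that prints only the test line because it does not import the function at all.

```shell
#!/bin/sh
# Added example: audit several bash binaries with the test from the thread.

# classify_output TEXT
#   TEXT is the combined stdout/stderr of the test command.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        # The code after the function body was executed on import.
        echo vulnerable
    elif printf '%s\n' "$1" | grep -q 'ignoring function definition attempt'; then
        # The warning shown in the Mageia output quoted in the thread.
        echo patched
    elif printf '%s\n' "$1" | grep -qx 'this is a test'; then
        # Only the test line: the variable was not treated as a function.
        echo clean
    else
        echo unknown
    fi
}

# check_bash PATH
#   Runs the test command from the thread against the shell at PATH.
check_bash() {
    if [ ! -x "$1" ]; then
        echo missing
        return 0
    fi
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>&1)
    classify_output "$out"
}

# Usage: sh check.sh /bin/bash /usr/local/bin/bash ...
for shell_path in "$@"; do
    printf '%s: %s\n' "$shell_path" "$(check_bash "$shell_path")"
done
```

Checking every installed copy matters because, as the thread shows, a host can carry more than one bash (for example one installed from ports), and each is updated separately.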
