Important.
Possibly on all Unix, Linux and OSX platforms
Bash vulnerability: As seen on TV CNN etc
Diagnostic Steps
To test if your version of Bash is vulnerable to this issue, run the
following command:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the output of the above command looks as follows:
vulnerable
this is a test
you are using a vulnerable version of Bash. The patch used to fix this
issue ensures that no code is allowed after the end of a Bash function.
Thus, if you run the above example with the patched version of Bash, you
should get an output similar to:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
Possibly can stop using a firewall rule:
iptables -A INPUT -m string --algo bm --hex-string '|28 29 20 7B|' -j DROP
*then save iptables etc.*
I ran the first part on my qmail-toaster servers, and was at risk.
Dave M