Re: [SLUG] patch your bash shells now
Menno, I believe that is the old test, not entirely accurate. This one is supposed to be more accurate.

    rm -f echo; env X='() { (a)=>\' bash -c "echo date"; cat echo

If you're safe it should return:

    date
    cat: echo: No such file or directory

I'm no BASH expert so I'm not too sure how the two tests differ in terms of effectively detecting the vulnerability.

On Fri, Sep 26, 2014 at 3:53 PM, Menno Schaaf amano.gi...@gmail.com wrote:

> At a command prompt:
>
>     # env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>     vulnerable
>     this is a test
>
> After updating the result should be:
>
>     # env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>     bash: warning: x: ignoring function definition attempt
>     bash: error importing function definition for `x'
>     this is a test
>
> On 26 September 2014 15:47, David da...@kenpro.com.au wrote:
>
>> How to know I have the secure version?
>>
>>     root@debian-wheezy:~# bash --version
>>     GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu)
>>
>>     root@ubuntu-12.04:~# bash --version
>>     GNU bash, version 4.2.25(1)-release (x86_64-pc-linux-gnu)
>>
>> Both upgraded for the second time today, just before sending this email.
>>
>> On 26/09/14 14:03, Jonathan Molyneux wrote:
>>
>>> Hey SLUG,
>>>
>>> I'm sure everyone's aware of this issue. But just for the people that may have missed the fanfare yesterday:
>>> http://it.slashdot.org/story/14/09/25/236256/first-shellshock-botnet-attacking-akamai-us-dod-networks
>>>
>>> If you're running Debian, they re-released a patch this morning (a complete fix now).
>>>
>>> If you think you are not affected, YOU ARE AFFECTED, patch all your systems (this has so many vectors).
>>>
>>> Regards
>>> Jonathan
>>
>> --
>> David McQuire
>> 0418 310312

--
Kind Regards,
Christopher Barnes
e. chris.p.bar...@gmail.com

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
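The two checks quoted in this thread, combined into one script that runs them from a scratch directory and reports a verdict. This is an added example, not part of any poster's message; the function names and the temporary-directory handling are assumptions of the example.

```shell
#!/bin/sh
# Added example: runs both checks from the thread against a bash binary.
# The second check runs in a scratch directory so it cannot touch a real
# file named "echo" in the current directory.

# Check 1 (Menno's test): a vulnerable bash executes the text that follows
# the function body while importing x from the environment.
check_trailing_command() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>/dev/null)
    case "$out" in
        *vulnerable*) echo vulnerable ;;
        *"this is a test"*) echo patched ;;
        *) echo unknown ;;
    esac
}

# Check 2 (Christopher's test): an incompletely fixed bash creates a file
# named "echo" holding the output of date instead of printing "date".
check_parser_leftover() {
    dir=$(mktemp -d) || { echo unknown; return; }
    out=$(cd "$dir" && env X='() { (a)=>\' "$1" -c "echo date" 2>/dev/null)
    if [ -e "$dir/echo" ]; then
        verdict=vulnerable
    elif [ "$out" = "date" ]; then
        verdict=patched
    else
        verdict=unknown
    fi
    rm -rf "$dir"
    echo "$verdict"
}

# Overall verdict on stdout, per-check detail on stderr.
shellshock_status() {
    bin=${1:-bash}
    a=$(check_trailing_command "$bin")
    b=$(check_parser_leftover "$bin")
    echo "trailing-command check: $a" >&2
    echo "parser-leftover check:  $b" >&2
    if [ "$a" = patched ] && [ "$b" = patched ]; then
        echo patched
    elif [ "$a" = vulnerable ] || [ "$b" = vulnerable ]; then
        echo vulnerable
    else
        echo unknown
    fi
}

shellshock_status "${1:-bash}"
```

Pass a path as the first argument to test a bash binary other than the one found on PATH.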
Re: [SLUG] patch your bash shells now
How to know I have the secure version?

    root@debian-wheezy:~# bash --version
    GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu)

    root@ubuntu-12.04:~# bash --version
    GNU bash, version 4.2.25(1)-release (x86_64-pc-linux-gnu)

Both upgraded for the second time today, just before sending this email.

On 26/09/14 14:03, Jonathan Molyneux wrote:

> Hey SLUG,
>
> I'm sure everyone's aware of this issue. But just for the people that may have missed the fanfare yesterday:
> http://it.slashdot.org/story/14/09/25/236256/first-shellshock-botnet-attacking-akamai-us-dod-networks
>
> If you're running Debian, they re-released a patch this morning (a complete fix now).
>
> If you think you are not affected, YOU ARE AFFECTED, patch all your systems (this has so many vectors).
>
> Regards
> Jonathan

--
David McQuire
0418 310312
Re: [SLUG] patch your bash shells now
At a command prompt:

    # env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    vulnerable
    this is a test

After updating the result should be:

    # env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
    bash: warning: x: ignoring function definition attempt
    bash: error importing function definition for `x'
    this is a test

On 26 September 2014 15:47, David da...@kenpro.com.au wrote:

> How to know I have the secure version?
>
>     root@debian-wheezy:~# bash --version
>     GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu)
>
>     root@ubuntu-12.04:~# bash --version
>     GNU bash, version 4.2.25(1)-release (x86_64-pc-linux-gnu)
>
> Both upgraded for the second time today, just before sending this email.
>
> On 26/09/14 14:03, Jonathan Molyneux wrote:
>
>> Hey SLUG,
>>
>> I'm sure everyone's aware of this issue. But just for the people that may have missed the fanfare yesterday:
>> http://it.slashdot.org/story/14/09/25/236256/first-shellshock-botnet-attacking-akamai-us-dod-networks
>>
>> If you're running Debian, they re-released a patch this morning (a complete fix now).
>>
>> If you think you are not affected, YOU ARE AFFECTED, patch all your systems (this has so many vectors).
>>
>> Regards
>> Jonathan
>
> --
> David McQuire
> 0418 310312