At a command prompt: # env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable this is a test After updating the result should be: # env x='() { :;}; echo vulnerable' bash -c "echo this is a test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test On 26 September 2014 15:47, David <da...@kenpro.com.au> wrote: > How to know I have the secure version? > > > root@debian-wheezy:~# bash --version > GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu) > > root@ubuntu-12.04:~# bash --version > GNU bash, version 4.2.25(1)-release (x86_64-pc-linux-gnu) > > both upgraded for the second time today, just before sending this email. > > > > > > > On 26/09/14 14:03, Jonathan Molyneux wrote: > >> Hey SLUG, >> >> I'm sure everyone's aware of this issue. >> But just for the people that may have missed the fan fair yesterday: >> http://it.slashdot.org/story/14/09/25/236256/first- >> shellshock-botnet-attacking-akamai-us-dod-networks >> >> If your running debian, they re-released a patch this morning (a complete >> fix now). >> If you think you are not affected, YOU ARE AFFECTED, patch all your >> systems (this has so many vectors). >> >> Regards >> Jonathan >> > > -- > David McQuire > 0418 310312 > > > -- > SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ > Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html > -- SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/ Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html