[GLLUG] Bash Bug

Fred Youhanaie fly at anydata.co.uk
Thu Sep 25 16:09:23 UTC 2014



On 25/09/14 16:54, Iain M Conochie wrote:
>
> On 25/09/14 16:25, James Roberts wrote:
>> On 25/09/14 10:14, Sunny Aujla wrote:
>>> Thought I'd share this with everyone.
>>>
>>> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>>
>> I've just about finished checking all our systems and so far it's a Red Hat/CentOS only issue and there's a (possibly transitional but at least working for now) patch.
>> <snip>
> Sorry mate, but this is a bash bug, and is not confined only to RHEL / CentOS:
>
>
>>$ env x='() { :;}; \
> echo vulnerable'  bash -c "echo this is a test"
> vulnerable
> this is a test
>>$ cat /etc/debian_version
> 6.0.10

Debian has pushed out updates for wheezy (7), but I haven't seen any updates for squeeze (6), yet!

BTW, don't forget to update cygwin too, if you have it installed anywhere.


Cheers
f.




More information about the GLLUG mailing list