[Wolves] bash Vulnerability
Chris Ellis
chris at intrbiz.com
Thu Sep 25 08:05:54 UTC 2014
On Thu, Sep 25, 2014 at 8:57 AM, John Rose <john.aaron.rose at gmail.com>
wrote:
> Not vulnerable on up to date Ubuntu 14.04.
>
Sadly, that statement is now incorrect. Patches for CVE-2014-6271 were
pushed by
most distros yesterday evening. However it has now been discovered that
the patch
is incomplete and CVE-2014-7169 has been issued to over that. So there
will be
another update released soon.
https://access.redhat.com/articles/1200223
Regards,
> John
>
> On 25/09/14 08:55, Ron Wellsted wrote:
>
> In case you have been off the net for the past 24 hours, there is a
> vulnerability which allows a specially crafted shell script to run
> arbitrary code, so it is time to update your systems.
>
> To test if your version of bash is vulnerable to this issue, please run
> the following line of bash script (I promise this only tests for the
> vulnerability !):
>
> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>
>
> Regards,
Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/wolves/attachments/20140925/be04f522/attachment.html>
More information about the Wolves
mailing list