[Wolves] bash Vulnerability

Chris Ellis chris at intrbiz.com
Thu Sep 25 08:05:54 UTC 2014

On Thu, Sep 25, 2014 at 8:57 AM, John Rose <john.aaron.rose at gmail.com>

>  Not vulnerable on up to date Ubuntu 14.04.

Sadly, that statement is now incorrect.  Patches for  CVE-2014-6271 were
pushed by
most distros yesterday evening.  However it has now been discovered that
the patch
is incomplete and CVE-2014-7169 has been issued to over that.  So there
will be
another update released soon.


> John
> On 25/09/14 08:55, Ron Wellsted wrote:
> In case you have been off the net for the past 24 hours, there is a
> vulnerability which allows a specially crafted shell script to run
> arbitrary code, so it is time to update your systems.
> To test if your version of bash is vulnerable to this issue, please run
> the following line of bash script (I promise this only tests for the
> vulnerability !):
> env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
> Regards,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.lug.org.uk/pipermail/wolves/attachments/20140925/be04f522/attachment.html>

More information about the Wolves mailing list