Main Area and Open Discussion > General Software Discussion

Linux bash exploit discovered

<< < (3/7) > >>

wraith808:
A note... git bash is vulnerable

Renegade:
A note... git bash is vulnerable
-wraith808 (September 26, 2014, 10:39 AM)
--- End quote ---

Shhhh! That's my Viagra email server!!! :P

Ath:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
-40hz (September 26, 2014, 08:42 AM)
--- End quote ---

That's the simple test, but this one still shows the date/time of execution after patch 1 is applied:

--- ---rm -f echo && env -i  X='() { (a)=>\' bash -c 'echo date'; cat echoAfter applying the second patch it should just do nothing, afaik.
Oh, run it in an empty directory, just to be safe, it will delete, and can create, a file called echo

Stoic Joker:
This vulnerability effects Mac as well.

ewemoa:
IIUC, there are at least two more issues that have surfaced from investigating the original issue [1].  The following mentions CVE ids for these (handy to distinguish among issues):

  http://article.gmane.org/gmane.comp.security.oss.general/13937


On a side note, looks like there's an FF issue that surfaced in a similar time frame...

Update: didn't realize Chrome appears to be affected too.


1...who knows how many more may be discovered...and which of those will remain unreported...

Navigation

[0] Message Index

[#] Next page

[*] Previous page