Main Area and Open Discussion > General Software Discussion
Linux bash exploit discovered
wraith808:
A note... git bash is vulnerable
Renegade:
A note... git bash is vulnerable
-wraith808 (September 26, 2014, 10:39 AM)
--- End quote ---
Shhhh! That's my Viagra email server!!! :P
Ath:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
-40hz (September 26, 2014, 08:42 AM)
--- End quote ---
That's the simple test, but this one still shows the date/time of execution after patch 1 is applied:
--- ---rm -f echo && env -i X='() { (a)=>\' bash -c 'echo date'; cat echoAfter applying the second patch it should just do nothing, afaik.
Oh, run it in an empty directory, just to be safe, it will delete, and can create, a file called echo
Stoic Joker:
This vulnerability effects Mac as well.
ewemoa:
IIUC, there are at least two more issues that have surfaced from investigating the original issue [1]. The following mentions CVE ids for these (handy to distinguish among issues):
http://article.gmane.org/gmane.comp.security.oss.general/13937
On a side note, looks like there's an FF issue that surfaced in a similar time frame...
Update: didn't realize Chrome appears to be affected too.
1...who knows how many more may be discovered...and which of those will remain unreported...
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version