[kwlug-disc] Vulnerability in bash
Khalid Baheyeldin
kb at 2bits.com
Thu Sep 25 18:46:19 EDT 2014
After applying the second update for bash (announced in the past hour), the
bug reported below is no longer a problem.

$ env -i X='() { (a)=>\' bash -c 'echo date'; cat echo
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
date
cat: echo: No such file or directory

On Thu, Sep 25, 2014 at 11:48 AM, Khalid Baheyeldin <kb at 2bits.com> wrote:
>
> Someone is reporting that the fix is incomplete. It is still possible to
> execute commands and redirect their output to files.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1141597#c23
>
> So we are still vulnerable ...
>
--
Khalid M. Baheyeldin
2bits.com, Inc.
Fast Reliable Drupal
Drupal optimization, development, customization and consulting.
Simplicity is prerequisite for reliability. -- Edsger W.Dijkstra
Simplicity is the ultimate sophistication. -- Leonardo da Vinci
For every complex problem, there is an answer that is clear, simple, and
wrong. -- H.L. Mencken
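
The check from the message above, wrapped so that it runs in a throwaway directory and reports the result by exit status instead of by reading the terminal output. This is an added example, not part of the original post; the function name and the exit codes are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the original message). The function name and
# exit codes are assumptions made for this sketch.
#
# Runs the test command quoted in the message inside a throwaway directory
# and reports, by exit status, whether bash created a file named "echo".
#   0 = no file created (test does not reproduce)
#   1 = file "echo" was created (bash still affected)
#   2 = could not run the check
check_bash_incomplete_fix() {
    bash_bin=$(command -v "${1:-bash}") || return 2
    workdir=$(mktemp -d) || return 2
    status=0
    (
        cd "$workdir" || exit 2
        # Same environment value and command as in the message; the shell's
        # own output is not needed, only the side effect on disk.
        env -i X='() { (a)=>\' "$bash_bin" -c 'echo date' >/dev/null 2>&1
        if [ -e echo ]; then exit 1; fi
        exit 0
    ) || status=$?
    rm -rf "$workdir"
    return "$status"
}

rc=0
check_bash_incomplete_fix bash || rc=$?
case "$rc" in
    0) echo "bash: no stray file created" ;;
    1) echo "bash: file 'echo' was created; update bash" ;;
    *) echo "bash: check could not be run" ;;
esac
```

Pass a different path as the first argument to test another bash binary on the same host.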