Typo... ---------- Forwarded message ---------- From: Volker Kuhlmann <hidden(a)paradise.net.nz> Date: Thu, Sep 25, 2014 at 10:23 AM Subject: Re: [NZLUG] ALERT: Remote code-exec in bash (CVE-2014-6271) To: NZ Linux Users Group <nzlug(a)lists.nzoss.org.nz> On Thu 25 Sep 2014 08:33:37 NZST +1200, Clark Mills wrote:
[ from /. thread ]
This is the test to see if you are vulnerable:
env x='() {:;}; echo vulnerable' bash -c "echo this is a test"
bash env x='() {:;}; echo vulnerable' bash -c "echo this is a test" bash: x: line 0: syntax error near unexpected token `{:' bash: x: line 0: `x () {:;}; echo vulnerable' bash: error importing function definition for `x'
env x='() { :;}; echo vulnerable' bash -c "echo this is a test" vulnerable
Thanks for that. http://beta.slashdot.org/comments.pl?sid=5750159&cid=47985625 However, your code here seems to have a serious copy/paste/etc error in it: this is a test this is a test GNU bash, version 4.2.42(1)-release (x86_64-suse-linux-gnu) Volker -- Volker Kuhlmann is list0570 with the domain in header. http://volker.top.geek.nz/ Please do not CC list postings to me. _______________________________________________ NZLUG mailing list NZLUG(a)lists.nzoss.org.nz http://lists.nzoss.org.nz/mailman/listinfo/nzlug -- Peter Reutemann, Dept. of Computer Science, University of Waikato, NZ http://www.cms.waikato.ac.nz/~fracpete/ Ph. +64 (7) 858-5174