24 Sep
2014
24 Sep
'14
9:16 p.m.
On Thu, Sep 25, 2014 at 08:49:24AM +1200, Peter Reutemann wrote:
[ from /. thread ]
This is the test to see if you are vulnerable:
env x='() {:;}; echo vulnerable' bash -c "echo this is a test"
And what should we see if we are vulnerable? My running of that just prints out syntax errors and then runs the echo command. The printing out of syntax errors does seem strange, as I would have expected the guff in the single quotes to be verbatim assigned to x without any globbing or variable substitution. But I am no expert in bash having learnt most of my Unix foo on Solaris and Tru64 Unix running csh. Cheers Michael.