Monday, 29 September 2014

Bash Code Injection Vulnerability


rpm -qa | grep bash

bash-3.2-32.el5

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
You have new mail in /var/spool/mail/root

yum upgrade bash

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'

rpm -qa | grep bash
bash-3.2-33.el5.1

Ref: https://access.redhat.com/articles/1200223
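
The check, upgrade and re-check steps above can be wrapped in a script. This is an added example, not part of the original post: it runs the post's test string against each bash binary it finds and classifies the output. The function names and the list of candidate paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# PROBE is the test string used in the post; everything else here is assumed.
PROBE='() { :;}; echo vulnerable'

# Classify the combined stdout/stderr of the post's test, read from stdin.
classify_output() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        # The text after the function body was executed on import.
        echo vulnerable
    elif printf '%s\n' "$out" | grep -q -e 'ignoring function definition attempt' \
                                        -e '^this is a test$'; then
        # Either the patched warning or a clean run without the injected echo.
        echo patched
    else
        echo unknown
    fi
}

# Run the post's test against one bash binary (default: first bash in PATH).
check_bash() {
    bin=${1:-bash}
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo missing
        return 0
    fi
    env x="$PROBE" "$bin" -c 'echo this is a test' 2>&1 | classify_output
}

# Report the installed package where rpm is available, as the post does.
if command -v rpm >/dev/null 2>&1; then
    rpm -q bash || true
fi

# Hypothetical list of places a second, unpatched copy of bash may live.
for candidate in bash /bin/bash /usr/bin/bash /usr/local/bin/bash; do
    printf '%s: %s\n' "$candidate" "$(check_bash "$candidate")"
done
```

A host passes only when every binary that exists reports patched.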
