- by admin
This is really serious: Red Hat Product Security has been made aware of a vulnerability affecting all versions of the Bash package shipped with Red Hat Enterprise Linux. Since many of Red Hat's products run on a base installation of Red Hat Enterprise Linux, there is a risk of other products being impacted by this vulnerability as well.
The same issue is found in Debian 6 & 7...
In order to test if your version of Bash is vulnerable to this issue, run the following command:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the output of the above command looks as follows:
vulnerable
this is a test
you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
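The test above only exercises the first bash found in PATH. The script below is an added example, not part of the original post: it runs the same test against every Bash binary listed on the host and classifies the output. The function names and the use of /etc/shells as the list of binaries are assumptions.

```shell
#!/bin/sh
# Added example: wraps the test command from this post; names are illustrative.

# classify_probe_output TEXT -> vulnerable | not-vulnerable | inconclusive
# "vulnerable" on a line of its own means the text after the function body ran.
classify_probe_output() {
    seen_test=no
    while read -r line; do
        case "$line" in
            vulnerable) echo vulnerable; return 0 ;;
            "this is a test") seen_test=yes ;;
        esac
    done <<EOF
$1
EOF
    if [ "$seen_test" = yes ]; then
        echo not-vulnerable
    else
        echo inconclusive   # binary missing, not Bash, or failed to start
    fi
}

# probe_bash PATH -> verdict for one binary, using the exact test shown above.
probe_bash() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c "echo this is a test" 2>&1) || true
    classify_probe_output "$out"
}

# audit_bash_binaries [LIST] -> prints "path: verdict" for each executable
# */bash entry in LIST (assumed default: /etc/shells); returns 1 if any is vulnerable.
audit_bash_binaries() {
    status=0
    for sh_path in $(grep -E '^/.*/bash$' "${1:-/etc/shells}" 2>/dev/null | sort -u); do
        [ -x "$sh_path" ] || continue
        verdict=$(probe_bash "$sh_path")
        echo "$sh_path: $verdict"
        if [ "$verdict" = vulnerable ]; then status=1; fi
    done
    return "$status"
}

audit_bash_binaries || echo "at least one vulnerable Bash binary found"
```

A verdict of inconclusive means the binary did not print the expected test line at all, so it should be checked by hand rather than treated as patched.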