[Cialug] Shellshock Bash Remote Code Execution Vulnerability
Sean Flattery
sean.r.flattery at gmail.com
Thu Sep 25 09:34:39 CDT 2014
If you haven't heard yet, yesterday they announced a huge bug in bash that
allows attacker to remotely execute any bash commands without
authentication. Any service that calls to Bash can be abused to run
arbitrary commands.
You can test this locally by running the following:
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If Bash echoes out the word vulnerable, you're at risk. For a good writeup
see this article:
http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
Thanks,
Sean Flattery
More information about the Cialug
mailing list