[Cialug] Shellshock Bash Remote Code Execution Vulnerability

Hawkins ng0g at mchsi.com
Thu Sep 25 13:19:13 CDT 2014


Gang,

My Fedora 20 w/Mate was vulnerable.  yum update fixed that.

Steve

On 9/25/14, 9:34 AM, Sean Flattery wrote:
> If you haven't heard yet, yesterday they announced a huge bug in bash that
> allows attacker to remotely execute any bash commands without
> authentication.  Any service that calls to Bash can be abused to run
> arbitrary commands.
>
> You can test this locally by running the following:
>
> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>
> If Bash echoes out the word vulnerable, you're at risk.  For a good writeup
> see this article:
> http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html
>
>
> Thanks,
> Sean Flattery
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>


-- 
Stephen Hawkins NG0G
ng0g at mchsi.com
73 49 111 01001001


More information about the Cialug mailing list