Shellshock: Better 'Bash' Patches Now Available ★

Oct 5th, 2014 3:42 pm | Comments | ∞

Luckily, the Ubuntu updater has already fetched the lastest patch of the vunerable bash.

$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=()
 { :;}; echo vulnerable' bash -c "echo test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `BASH_FUNC_x'
test

$ cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash 
-c "echo date"; cat /tmp/echo
date
cat: /tmp/echo: No such file or directory
$

Comments