Blog 1

Random Talk on Random Thoughts

Shellshock: Better 'Bash' Patches Now Available

| Comments |

Luckily, the Ubuntu updater has already fetched the lastest patch of the vunerable bash.

$ env 'x=() { :;}; echo vulnerable' 'BASH_FUNC_x()=()
 { :;}; echo vulnerable' bash -c "echo test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `BASH_FUNC_x'

$ cd /tmp; rm -f /tmp/echo; env 'x=() { (a)=>\' bash 
-c "echo date"; cat /tmp/echo
cat: /tmp/echo: No such file or directory