GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Major security alert

MrGusMuller · 09-25-2014, 02:32 PM

To test if your version of Bash is vulnerable to this issue, run the following command:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the output of the above command looks as follows:

vulnerable this is a test
you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test

09-25-2014, 02:32 PM
MrGusMuller Confirmed User Industry Role: Join Date: Oct 2010 Location: Portugal Posts: 1,262	To test if your version of Bash is vulnerable to this issue, run the following command: $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" If the output of the above command looks as follows: vulnerable this is a test you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to: $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test" bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x' this is a test __________________ StagCMS - Adult CMS - user friendly adult content management system - speed up your websites with no SQL connections ICQ: 632343*113