Major security alert - Linux etc...
-
http://gfy.com/showthread.php?t=1150685
Heads up though, it doesn't look like the patch fixed it completely yet.
http://www.reddit.com/r/netsec/comme...l_exploitable/
-
https://access.redhat.com/node/1200223
If you're affected, mod_security is the best way to stop this right now.
If you're not using mod_security, iptables can protect you a little better than doing nothing.
iptables -I INPUT -m string --hex-string '|28 29 20 7B|' --algo bm -j DROP
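Added example, not part of the original post or the linked advisories: the bytes in the iptables rule above (28 29 20 7B) decode to `() {`, and the same pattern can be searched for in web access logs to see which clients have been sending it. The log lines, addresses and function names below are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline log triage for the byte pattern the iptables rule drops.

# Decode an iptables --hex-string body such as "28 29 20 7B" to literal bytes.
hex_to_literal() {
    for byte in $1; do
        # Convert hex to octal, then let printf expand the octal escape.
        printf "\\$(printf '%o' "0x$byte")"
    done
}

# Constructed sample access log lines (combined format); not real traffic.
sample_log() {
    cat <<'EOF'
192.0.2.10 - - [25/Sep/2014:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Sep/2014:10:01:09 +0000] "GET /cgi-bin/status HTTP/1.1" 200 31 "-" "() { :;}; echo vulnerable"
198.51.100.7 - - [25/Sep/2014:10:01:11 +0000] "GET /cgi-bin/status HTTP/1.1" 200 31 "() { :;}; echo vulnerable" "Mozilla/5.0"
203.0.113.5 - - [25/Sep/2014:10:02:40 +0000] "GET /docs/func() HTTP/1.1" 404 210 "-" "curl/7.30.0"
EOF
}

# Count log lines on stdin that contain the decoded pattern ($1 = hex body).
count_hits() {
    pattern=$(hex_to_literal "$1")
    grep -c -F -- "$pattern"
}

# Print "count source-ip" for every client that sent the pattern, busiest first.
suspect_sources() {
    pattern=$(hex_to_literal "$1")
    grep -F -- "$pattern" | awk '{ print $1 }' | sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# Stand-alone run over the constructed sample.
sample_log | suspect_sources '28 29 20 7B'
```

Against a real log, redirect the file into `suspect_sources '28 29 20 7B'`; only request fields the server actually logs (typically the request line, Referer and User-Agent) can show up.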
-
To test if your version of Bash is vulnerable to this issue, run the following command:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the output of the above command looks as follows:
vulnerable
this is a test
you are using a vulnerable version of Bash. The patch used to fix this issue ensures that no code is allowed after the end of a Bash function. Thus, if you run the above example with the patched version of Bash, you should get an output similar to:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
-
Got the second thing, so I guess I am patched. But this looks like the same shit as MySQL injection on an SQL select query.