Thread: US-CERT - Bourne Again Shell (Bash) Remote Code Execution Vulnerability
View Single Post
  #10  
Old 29-09-2014, 02:23 PM
gary
Registered User

gary is offline 		 
Join Date: Apr 2005
Location: Mt. Kuring-Gai
Posts: 5,999
Another article on the bash exploit in today's Sydney Morning Herald :-
http://www.smh.com.au/it-pro/securit...29-10nerp.html

The link Andrew provided contains a test (see snippet below) :-
https://isc.sans.edu/forums/diary/Up...llshock+/18707

Code:
The US-CERT's advisory includes a simple command line script that bash
users can run to test for the vulnerability. To check your system
from a command line, type or cut and paste this text:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable 
 this is a test

An unaffected (or patched) system will output:

bash: warning: x: ignoring function definition attempt 
 bash: error importing function definition for `x' 
 this is a test
Reply With Quote