IceInSpace - View Single Post - US-CERT - Bourne Again Shell (Bash) Remote Code Execution Vulnerability

multiweb (Marc) · #11 29-09-2014, 02:27 PM

Quote:

Originally Posted by gary

Another article on the bash exploit in today's Sydney Morning Herald :-
http://www.smh.com.au/it-pro/securit...29-10nerp.html

The link Andrew provided contains a test :-
https://isc.sans.edu/forums/diary/Up...llshock+/18707

Code:

The US-CERT's advisory includes a simple command line script that bash
users can run to test for the vulnerability. To check your system
from a command line, type or cut and paste this text:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the system is vulnerable, the output will be:

vulnerable 
 this is a test

An unaffected (or patched) system will output:

bash: warning: x: ignoring function definition attempt 
 bash: error importing function definition for `x' 
 this is a test

Thanks for that Gary. Doesn't seem to affect FreeBSD.