Scientific Linux Forum.org



  Reply to this topicStart new topicStart Poll

> Bash vulnerability still not patched completly
U308
 Posted: Sep 27 2014, 02:05 PM
Quote Post


SLF Advocate
*****

Group: Members
Posts: 472
Member No.: 32
Joined: 11-April 11









To test if your version affected by the original vulnerability:
If you get the output "hacked", you're affected.

test="() { echo Hello; }; echo hacked" bash -c ""

In order to test if your version only got the incomplete first fix:

X='() { function a a>\' bash -c echo; [ -e echo ] && echo "hacked"
PM
^
helikaon
 Posted: Sep 27 2014, 08:56 PM
Quote Post


SLF Administrator
*******

Group: Admins
Posts: 836
Member No.: 4
Joined: 8-April 11









QUOTE (U308 @ Sep 27 2014, 02:05 PM)
To test if your version affected by the original vulnerability:
If you get the output "hacked", you're affected.

test="() { echo Hello; }; echo hacked" bash -c ""

In order to test if your version only got the incomplete first fix:

X='() { function a a>\' bash -c echo; [ -e echo ] && echo "hacked"


Thanks for bringing this up to my attention!
My home server was affected, now fixed :]

thanks!

--------------------
PMEmail Poster
^
U308
 Posted: Sep 28 2014, 06:33 AM
Quote Post


SLF Advocate
*****

Group: Members
Posts: 472
Member No.: 32
Joined: 11-April 11









PM
^
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:

Topic Options Reply to this topicStart new topicStart Poll