https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
http://seclists.org/oss-sec/2014/q3/649
You can test your system to see if it's vulnerable using the POC shown here:
https://twitter.com/kbsingh/status/514801829633593345
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"For example:
Vulnerable |
http://www.ubuntu.com/usn/usn-2362-1/
You should install this updated package as soon as possible. As always, we recommend using "soup" to apply package updates. Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade
After installing the updated package, you can verify using the POC again:
New version of bash |
Please see Part 2:
http://blog.securityonion.net/2014/09/bash-vulnerability-part-2.html
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.