Beware of the Bash bug

Yup, it's a good one.

You can test for vulnerability on a *nix box with:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If you see vulnerable, update bash!

If you see something like this, you're ok till the next patch update for bash (as the original fix isn't 100% solved):
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
 
https://access.redhat.com/articles/1200223

Update: 2014-09-25 03:10 UTC

Red Hat has become aware that the patch for CVE-2014-6271 is incomplete. An attacker can provide specially-crafted environment variables containing arbitrary commands that will be executed on vulnerable systems under certain conditions. The new issue has been assigned CVE-2014-7169. Red Hat is working on patches in conjunction with the upstream developers as a critical priority. For details on a workaround, please see the FAQ below.

Red Hat advises customers to upgrade to the version of bash which contains the fix for CVE-2014-6271 and not wait for the patch which fixes CVE-2014-7169. CVE-2014-7169 is a less severe issue and patches for it are being worked on.

I'm fine for now. OSX users are fecked for now until Apple updates.
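
The probe from the post, wrapped so it can be run against each shell binary on a host and its output classified. This is an added example, not part of the original post; the function names, result labels and list of candidate paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): run the post's probe against
# several shell binaries and classify what each one prints.

# Classify captured probe output. Labels are this example's own:
#   vulnerable    - the injected "echo vulnerable" ran (CVE-2014-6271)
#   patched       - bash refused the function import and warned; per the
#                   post this first fix is incomplete (CVE-2014-7169)
#   not-imported  - only the test line appeared; x was treated as plain text
#   inconclusive  - none of the expected lines were seen
classify_probe_output() {
    out=$1
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$out" | grep -q 'ignoring function definition attempt'; then
        echo patched
    elif printf '%s\n' "$out" | grep -qx 'this is a test'; then
        echo not-imported
    else
        echo inconclusive
    fi
}

# Run the probe from the post against one shell binary (path is an argument).
check_shell() {
    shell=$1
    if [ ! -x "$shell" ]; then
        echo missing
        return 0
    fi
    # stderr is merged in because the patched warning is written there
    out=$(env x='() { :;}; echo vulnerable' "$shell" -c "echo this is a test" 2>&1) || true
    classify_probe_output "$out"
}

# Candidate paths are assumptions; adjust for the host being audited.
for candidate in /bin/bash /usr/bin/bash /usr/local/bin/bash /bin/sh; do
    printf '%-22s %s\n' "$candidate" "$(check_shell "$candidate")"
done
```

Any binary reported as vulnerable or patched still needs a bash update, since the post notes the first fix is incomplete.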
 