[Novalug] bash vulnerability bug

Keith Howell keith.c.howell@gmail.com
Thu Sep 25 10:38:17 EDT 2014


I am patching many servers right now.

The internet is being actively scanned looking for this vulnerability.
 On Sep 25, 2014 10:32 AM, "Ed James via Novalug" <novalug@firemountain.net>
wrote:

> No joy.  I don't suppose all I need to do on my Ubuntu boxen is like:
>
>    sudo apt-get update bash
>
> ?
>
> Nah - can't possibly be *that* easy.
>
>
> And I'm still hazy if it matters to me - my daily driver doesn't do any
> server chores (at least, not that I know of) and I'm behind 3 firewalls.
> Has anyone "here" found the vulnerability on their machine, updated bash,
> and found it totally fixed?
>
> ​Ed James​
>
> On Thu, Sep 25, 2014 at 9:57 AM, Bonnie Dalzell via Novalug <
> novalug@firemountain.net> wrote:
>
> > ​...
> >
>
>
> > Detecting vulnerable versions
> >
> > To test if your version of Bash is vulnerable to this issue, run the
> > following command:
> >
> > $ env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
> >
> > If the output of the above command looks as follows:
> >
> > vulnerable
> > this is a test
> > ​...
> >
> **********************************************************************
> The Novalug mailing list is hosted by firemountain.net.
>
> To unsubscribe or change delivery options:
> http://www.firemountain.net/mailman/listinfo/novalug



More information about the Novalug mailing list