[Novalug] bash vulnerability bug
Keith Howell
keith.c.howell@gmail.com
Thu Sep 25 10:38:17 EDT 2014
I am patching many servers right now.
The internet is being actively scanned looking for this vulnerability.
On Sep 25, 2014 10:32 AM, "Ed James via Novalug" <novalug@firemountain.net>
wrote:
> No joy. I don't suppose all I need to do on my Ubuntu boxen is like:
>
> sudo apt-get update bash
>
> ?
>
> Nah - can't possibly be *that* easy.
>
>
> And I'm still hazy if it matters to me - my daily driver doesn't do any
> server chores (at least, not that I know of) and I'm behind 3 firewalls.
> Has anyone "here" found the vulnerability on their machine, updated bash,
> and found it totally fixed?
>
> Ed James
>
> On Thu, Sep 25, 2014 at 9:57 AM, Bonnie Dalzell via Novalug <
> novalug@firemountain.net> wrote:
>
> > ...
> >
>
>
> > Detecting vulnerable versions
> >
> > To test if your version of Bash is vulnerable to this issue, run the
> > following command:
> >
> > $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> >
> > If the output of the above command looks as follows:
> >
> > vulnerable
> > this is a test
> > ...
> >
> **********************************************************************
> The Novalug mailing list is hosted by firemountain.net.
>
> To unsubscribe or change delivery options:
> http://www.firemountain.net/mailman/listinfo/novalug
More information about the Novalug
mailing list