Re: [PLUG] Bash remote code execution vulnerability

On Thu, Sep 25, 2014 at 1:03 AM, Paul Jungwirth wrote:
> Note that people are already saying the current patch is not enough:

This should check:
env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("

Gentoo issued a second patch to address this.

I noted that CyanogenMod bundles a vulnerable bash, but I don't know
if there are any mechanisms to get bash run under a different uid, and
apps on Android can already run bash under their own uid if they wish.

Stock Android (from Google at least) does not bundle bash - I'm not
sure what its default shell actually is.

Oh, and if you've already run that one-liner on a vulnerable version
of bash, be sure to rm the file named echo before re-running it
post-fix or you'll get a false positive.
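
The check from the message above, wrapped so that it runs in a scratch directory and a leftover file named echo cannot cause the false positive mentioned at the end. This is an added example, not part of the original post; the function name check_bash_env_parsing and its exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: runs the probe from the message in a fresh temporary
# directory, so a stale ./echo left by an earlier run is never read.
#
# check_bash_env_parsing [path-to-bash]   (hypothetical helper name)
#   exit 0: the file "echo" containing "vuln" was created (still vulnerable)
#   exit 1: no such file was created
#   exit 2: the check could not be run (no bash, no scratch directory)
check_bash_env_parsing() (
    bash_bin="${1:-bash}"
    command -v "$bash_bin" >/dev/null 2>&1 || exit 2
    workdir="$(mktemp -d)" || exit 2
    cd "$workdir" || exit 2

    # Same probe as in the message. Output is discarded because only the
    # side effect (a file named "echo" in the current directory) matters.
    env X='() { (a)=>\' "$bash_bin" -c "echo echo vuln" >/dev/null 2>&1 || true

    status=1
    if [ -f echo ] && [ "$(cat echo)" = "vuln" ]; then
        status=0
    fi

    # Leave the scratch directory before deleting it.
    cd / && rm -rf -- "$workdir"
    exit "$status"
)

# Report the result for the bash given as the first argument (default: bash on PATH).
rc=0
check_bash_env_parsing "$@" || rc=$?
case "$rc" in
    0) echo "still vulnerable :(" ;;
    1) echo "probe did not create the file" ;;
    *) echo "check could not be run" ;;
esac
```

Pass a path as the first argument to test a specific binary instead of the bash found on PATH.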

