Rich Freeman on 25 Sep 2014 06:16:45 -0700
Re: [PLUG] Bash remote code execution vulnerability
On Thu, Sep 25, 2014 at 1:03 AM, Paul Jungwirth <once@9stmaryrd.com> wrote:
> Note that people are already saying the current patch is not enough:
>
> https://news.ycombinator.com/item?id=8365158
>

This should check:

env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("

Gentoo issued a second patch to address this.

I noted that Cyanogenmod bundles a vulnerable bash, but I don't know
if there are any mechanisms to get bash run under a different uid, and
apps on Android can already run bash under their own uid if they wish.
Stock Android (from Google at least) does not bundle bash - I'm not
sure what its default shell actually is.

Oh, and if you've already run that one-liner on a vulnerable version
of bash, be sure to rm the file named echo before re-running it
post-fix or you'll get a false positive.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
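
The false positive described in the message above comes from a leftover file named echo in the current directory. The following is an added example, not part of the original post: it runs the same probe inside a throwaway directory so stale files cannot affect the result. The function name check_bash_env_parse and the result strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original message). Runs the one-liner from the
# post inside a fresh temporary directory, so an ./echo file left behind by an
# earlier run on a vulnerable bash cannot produce a false positive.
# check_bash_env_parse is a hypothetical helper name.
check_bash_env_parse() {
    # Nothing to test if bash is not installed.
    command -v bash >/dev/null 2>&1 || { echo "no-bash"; return 2; }

    tmpdir=$(mktemp -d) || { echo "error"; return 3; }

    result=$(
        cd "$tmpdir" || exit 3
        # Same probe as in the post: a bash with the incomplete patch treats the
        # trailing ">\" as a redirection and writes "vuln" into a file named echo.
        env X='() { (a)=>\' bash -c "echo echo vuln" >/dev/null 2>&1 || true
        if [ -f echo ] && [ "$(cat echo)" = "vuln" ]; then
            echo "vulnerable"
        else
            echo "patched"
        fi
    )

    # Remove the scratch directory, including any ./echo the probe created.
    rm -rf "$tmpdir"

    echo "$result"
    [ "$result" = "patched" ]
}

# Stand-alone run: prints "patched", "vulnerable" or "no-bash".
check_bash_env_parse || true
```

The function prints its verdict and returns 0 only for "patched", so it can gate a post-update check in a script.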