Q & A
-
-
0
Nota -
0
Optiuni -
625
Accesari -
- CritiC
Is my bash vulnerable? (shellshock CVE-2014-6271 CVE-2014-7169)
- 3 years ago
This simple command is a sufficient test to see if your version of bash is vulnerable:
x='() { :;}; echo VULNERABLE' bash -c :
It’s not necessary to have extra text printed to signify that the command has actually run, because patched versions of bash will report a warning when a variable in its starting environment contains exploit code for the patched vulnerability.
On a vulnerable system:
$ x='() { :;}; echo VULNERABLE' bash -c : VULNERABLE
On a patched system:
$ x='() { :;}; echo VULNERABLE' bash -c : bash: warning: x: ignoring function definition attempt bash: error importing function definition for `x'
- Comenteaza
- powered by Verysign