The top answer to this question is probably the best I've seen so far. Like you, I've only really seen alarmist media claims.
http://askubuntu.com/questions/528101/what-is-the-cve-2014-6271-bash-vulnera...
Cheers
On 26 September 2014 11:57:15 GMT+01:00, Chris Green cl@isbd.net wrote:
On Thu, Sep 25, 2014 at 06:20:33PM +0100, Paul Lenton wrote:
You can test if your version of bash is affected by running the
command
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If you get the output
vulnerable
this is a test
My xubuntu got a bash update just now and appears to be fixed:-
chris$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
Is there an explanation of the vulnerability in bash out there somewhere? All I've seen so far is panic-stricken reports about it, but no sort of explanation.
What I don't quite understand is how a hacker ever gets to the point of being able to run bash without having broken into a system already.