On Thu, Sep 25, 2014 at 06:20:33PM +0100, Paul Lenton wrote:
> You can test if your version of bash is affected by running the command
>
> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>
> If you get the output
>
> vulnerable
> this is a test

My xubuntu got a bash update just now and appears to be fixed:-

chris$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

Is there an explanation of the vulnerability in bash out there somewhere? All I've seen so far is panic-stricken reports about it, but no sort of explanation.
What I don't quite understand is how a hacker ever gets to the point of being able to run bash without having broken into a system already.