[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bash-4.3 Official Patch 25 Bug 896776 - (CVE-2014-6271)
|
From: |
Ralf Naegele |
|
Subject: |
Re: Bash-4.3 Official Patch 25 Bug 896776 - (CVE-2014-6271) |
|
Date: |
Fri, 26 Sep 2014 08:44:18 +0200 (CEST) |
Hello Greg,
thanks for the hint, this seems to be the solution. I've copied the
compiled bash binary to the first directory from $PATH output and now the
test is ok:
[naegele@pinie ~]$ env x='() { :;}; echo vulnerable' bash -c "echo this is a
test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
Regards,
Ralf
On Thu, 25 Sep 2014, Greg Wooledge wrote:
> Date: Thu, 25 Sep 2014 16:52:19 -0400
> From: Greg Wooledge <wooledg@eeg.ccf.org>
> To: ralf.naegele@she.net
> Cc: bug-bash@gnu.org
> Subject: Re: Bash-4.3 Official Patch 25 Bug 896776 - (CVE-2014-6271)
>
> On Thu, Sep 25, 2014 at 05:33:38PM +0200, ralf.naegele@she.net wrote:
> > env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>
> Did you *install* the patched version so that it is the first "bash" in
> your PATH before running this? If not, you should specify a path to
> bash (e.g. ./bash -c "echo ...").
>