Hi everyone,

Bash Code Injection Vulnerability via Specially Crafted Environment Variables (CVE-2014-6271)
https://access.redhat.com/articles/1200223

My current Debian setup is vulnerable, as shown below:

==============================================
slitt@mydesq2:~$ env x='() { :;}; \ echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
slitt@mydesq2:~$ uname -a
Linux mydesq2 3.2.0-4-amd64 #1 SMP Debian 3.2.60-1+deb7u3 x86_64 GNU/Linux
slitt@mydesq2:~$ cat /etc/issue
Debian GNU/Linux 7 \n \l
slitt@mydesq2:~$ bash --version
GNU bash, version 4.2.37(1)-release (x86_64-pc-linux-gnu)
Copyright (C) 2011 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
slitt@mydesq2:~$
==============================================

Does anyone know if there's a fix for Debian's bash, and how to install it?

Thanks,

SteveT

Steve Litt * http://www.troubleshooters.com/
Troubleshooting Training * Human Performance

Archive: https://lists.debian.org/20140924165250.2351e...@mydesq2.domain.cxm