By default I have seemingly assumed sysadmin duties for a host running
Debian 6.0.7 (squeeze). So (not having done a lot of this before) ...
1) the system bash is vulnerable
> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
2) bash is version 4.1.5
host: bash --version
GNU bash, version 4.1.5(1)-release (i486-pc-linux-gnu)
3) There are no upgrades
$ apt-get install bash
Reading package lists... Done
Building dependency tree
Reading state information... Done
bash is already the newest version.
Would you mind recommending how best I should proceed?
Thank you,
Joe Loiacono
