[Cialug] Shellshock Bash Remote Code Execution Vulnerability

Sean Flattery sean.r.flattery at gmail.com
Thu Sep 25 09:34:39 CDT 2014


If you haven't heard yet, yesterday they announced a huge bug in bash that
allows attacker to remotely execute any bash commands without
authentication.  Any service that calls to Bash can be abused to run
arbitrary commands.

You can test this locally by running the following:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If Bash echoes out the word vulnerable, you're at risk.  For a good writeup
see this article:
http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html


Thanks,
Sean Flattery


More information about the Cialug mailing list