[Cialug] Shellshock Bash Remote Code Execution Vulnerability

[Nicolai]

On Thu, Sep 25, 2014 at 09:34:39AM -0500, Sean Flattery wrote:
> If you haven't heard yet, yesterday they announced a huge bug in bash that
> allows attacker to remotely execute any bash commands without
> authentication.  Any service that calls to Bash can be abused to run
> arbitrary commands.
> 
> You can test this locally by running the following:
> 
> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

This reminds me of a PHF bug from around ~95-96.  Pretty nasty.

Nicolai