CGI::Application and recent bash security hole
gvim
gvimrc at gmail.com
Fri Sep 26 02:45:21 BST 2014
On 25/09/2014 21:33, Bill Moseley wrote:
> I did a very quick test today using mod_perl running as my own user.
> Maybe you could try something similar.
>
> I'm running on CentOS where it is vulnerable:
>
> $ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> vulnerable
> this is a test
>
Updated my bash on CentOS 6.5 this morning so your test fails:
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
gvim
More information about the london.pm
mailing list