CGI::Application and recent bash security hole

gvim gvimrc at gmail.com
Fri Sep 26 02:45:21 BST 2014


On 25/09/2014 21:33, Bill Moseley wrote:
> I did a very quick test today using mod_perl running as my own user.
> Maybe you could try something similar.
>
> I'm running on CentOS where it is vulnerable:
>
> $ env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
> vulnerable
> this is a test
>

Updated my bash on CentOS 6.5 this morning so your test fails:

# env x='() { :;}; echo vulnerable'  bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test


gvim
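
The test from the two messages above, wrapped so it can be run against several shell binaries at once. This is an added example, not part of the original posts; the function names, the result labels and the list of paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): run the env-function test quoted
# above against each shell binary and label the result.

# classify_output: read the test's combined stdout/stderr on stdin.
#   vulnerable      the injected "echo vulnerable" ran
#   not_vulnerable  only the intended command ran
#   unknown         neither expected line appeared
classify_output() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$out" | grep -qx 'this is a test'; then
        echo not_vulnerable
    else
        echo unknown
    fi
}

# check_shell PATH: run the test against one binary.
check_shell() {
    [ -x "$1" ] || { echo missing; return 0; }
    env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' 2>&1 |
        classify_output
}

# audit_shells PATH...: one "path: result" line per binary.
audit_shells() {
    for shell_path in "$@"; do
        printf '%s: %s\n' "$shell_path" "$(check_shell "$shell_path")"
    done
}

# Assumed locations. /bin/sh is listed because it is what CGI code reaches
# through system() or backticks, and on some hosts it is a link to bash.
audit_shells /bin/bash /bin/sh /usr/local/bin/bash
```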

