CGI::Application and recent bash security hole
Dave Cross
dave at dave.org.uk
Fri Sep 26 10:24:09 BST 2014
Quoting Kent Fredric <kentfredric at gmail.com>:
> On 26 September 2014 13:45, gvim <gvimrc at gmail.com> wrote:
>
>>
>> Updated my bash on CentOS 6.5 this morning so your test fails:
>>
>> # env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>> bash: warning: x: ignoring function definition attempt
>> bash: error importing function definition for `x'
>> this is a test
>
>
> There's a second vulnerability that escapes the first bug patch.
>
> env X="() { (a)=>\\" bash -c '/dev/stdout date'
>
> If this prints the date, you still have a hole where bash can write content
> to arbitrary files. ( And this trick somehow makes it write the date to
> /dev/stdout. )
New patch released overnight which seems to fix that.
Dave...
More information about the london.pm
mailing list