CGI::Application and recent bash security hole
Anatoliy Dmytriyev
tolid-london.pm at tolid.eu.org
Fri Sep 26 19:30:41 BST 2014
Or you can manually update obsolete systems http://superuser.com/questions/816787/how-do-i-patch-the-shellshock-vulnerability-on-an-obsolete-ubuntu-system-that-i
Regards,
Anatoliy
On 26 Sep 2014, at 17:11, Dave Cross <dave at dave.org.uk> wrote:
> Quoting gvim <gvimrc at gmail.com>:
>
>>>
>>> There's a second vulnerability that escapes the first bug patch.
>>>
>>> env X="() { (a)=>\\" bash -c '/dev/stdout date'
>>>
>>> If this prints the date, you still have a hole where bash can write content
>>> to arbitrary files. ( And this trick somehow makes it write the date to
>>> /dev/stdout. )
>>>
>>
>> Kreist, I'm up **it Creek after all :(
>
> Your distro almost certainly has a second patch already available. Just update your installed package.
>
> This article seems pretty good:
>
> http://perltricks.com/article/115/2014/9/26/Shellshock-and-Perl
>
> Dave...
More information about the london.pm
mailing list