Shellshock

Published: September 27, 2014 by tim (Last updated: September 27, 2014 15:33 )

Time to read: less than 1 minute

Categories:
operations 10
security 2

Since Wednesday, a security hole called “Shellshock” gous around. It allows to execude code by unsafe handling of environment variables. This is especially a problem with web servers that use CGI scripts.

The following line writes “vulnerable” if the bash is affected by the problem:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

Source:

http://derstandard.at/2000006008829/Bashbleed-Kritische-Sicherheitsluecke-bedroht-Linux-und-Unix-Systeme