Shellshock

Published: by Creative Commons Licence

Time to read: Less than 1 minute

Since Wednesday, a security hole called "Shellshock" gous around. It allows to execude code by unsafe handling of environment variables. This is especially a problem with web servers that use CGI scripts.

The following line writes "vulnerable" if the bash is affected by the problem:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

 

Source: