Posted September 26, 2014 http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html Most distributions have a patch by now so if you haven't updated your server in the the past 24 hours or so then you better do so now. Metasploit already has a module made for it so hackers are going to have a heyday with this xD. If your not sure your bash has been fixed you can type:env X="() { :;} ; echo busted" /bin/sh -c "echo completed"env X="() { :;} ; echo busted" `which bash` -c "echo completed" If it says busted then you are vulnerable to this exploit. Share this post Link to post Share on other sites
Posted September 26, 2014 Actually 2 days ago. There's a fix already ----applying everywhere! For Ubuntu: http://www.ubuntu.com/usn/usn-2363-1/(the fix on September 24th didn't work properly, this new one should...) Share this post Link to post Share on other sites
Posted September 26, 2014 I saw first hot fixes being applied 10 hours after the article. Share this post Link to post Share on other sites
Posted September 26, 2014 (edited) Ones that didn't work, yes. At least not official ones. Edited September 26, 2014 by whykillme Share this post Link to post Share on other sites