Sign in to follow this  
Followers 0
Karlton

Major GNU Bash Exploit Found Yesterday...

By Karlton, in Wood Scraps

Recommended Posts

Posted

http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html


 


Most distributions have a patch by now so if you haven't updated your server in the the past 24 hours or so then you better do so now.  Metasploit already has a module made for it so hackers are going to have a heyday with this xD.


 


If your not sure your bash has been fixed you can type:


env X="() { :;} ; echo busted" /bin/sh -c "echo completed"


env X="() { :;} ; echo busted" `which bash` -c "echo completed"


 


If it says busted then you are vulnerable to this exploit.


Share this post

Link to post
Share on other sites
Posted

I saw first hot fixes being applied 10 hours after the article.


Share this post

Link to post
Share on other sites
Posted (edited)

Ones that didn't work, yes. At least not official ones.


Edited by whykillme

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing