I just got a security flash from CERT-SE that informed me that there has been a severe security issue detected in the Unix shell.
The vulnerability lets a potential attacker execute malicious code in the shell, and gain access to the system.
At present there are no known workarounds for this issue, except running a WAF. To test if your system is afflicted by this issue, you can run the following command in the command line:
Code:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If your system is afflicted, you will see the following output in your shell:
Code:
vulnerable
this is a test
At present this vulnerability is known to be exploited by at least one worm.
For more information, see the following articles:
https://securityblog.redhat.com/2014...ection-attack/
http://seclists.org/oss-sec/2014/q3/649
http://seclists.org/oss-sec/2014/q3/650
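
Added example, not part of the original post: a POSIX shell script that runs the probe shown above against every bash binary listed in /etc/shells plus the bash on PATH, since a host can have more than one bash installed. The function names and verdict strings are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit each installed bash with the probe from the post.

# Classify the probe's output. The marker line "vulnerable" appears only when
# bash executed the text that trails the function definition in variable x.
classify_probe_output() {
    case "$1" in
        *vulnerable*)       echo "VULNERABLE" ;;
        *"this is a test"*) echo "not vulnerable" ;;
        *)                  echo "inconclusive" ;;
    esac
}

# Run the probe against one shell binary. env -i starts from an empty
# environment so only the test variable x is passed to the shell.
probe_shell() {
    shell_path=$1
    if [ ! -x "$shell_path" ]; then
        echo "missing"
        return 0
    fi
    out=$(env -i x='() { :;}; echo vulnerable' \
        "$shell_path" -c "echo this is a test" 2>/dev/null) || true
    classify_probe_output "$out"
}

# Probe every bash entry in a shells file (default /etc/shells) and the
# bash found on PATH, de-duplicated, printing one verdict per binary.
audit_bash_binaries() {
    shells_file=${1:-/etc/shells}
    {
        if [ -r "$shells_file" ]; then
            grep -E '^/.*/bash$' "$shells_file" || true
        fi
        command -v bash || true
    } | sort -u | while IFS= read -r path; do
        printf '%s: %s\n' "$path" "$(probe_shell "$path")"
    done
}

audit_bash_binaries "$@"
```

Any binary reported as VULNERABLE needs the vendor's bash update; rerun the script afterwards to confirm every copy was replaced.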