Thursday, September 25, 2014

CVE-2014-6271, CVE-2014-7169 Bash Vulnerability

More on:

CVE-2014-6271: remote code execution through bash.
CVE-2014-7169: incomplete fix for CVE-2014-6271.

Remarks: CVE-2014-7169 has no patches yet! (9/24/2014)
Update (9/26/2014): Ubuntu patch for CVE-2014-7169

For Ubuntu, just use the following command to upgrade bash:

$ sudo apt-get update && sudo apt-get install bash

## check your bash version with

$ dpkg -s bash | grep Version
Version: 4.2-2ubuntu2.3


$ dpkg -s bash | grep Version
Version: 4.3-7ubuntu1.2

If your bash is patched, you will not see 'vulnerable' echoed, as shown below:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
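
The same check wrapped for scripting, as an added example that is not part of the original post. The function names `classify_output` and `check_bash` are made up here, and only stdout is inspected because patched builds write their warnings to stderr.

```sh
#!/bin/sh
# Added example: scripted form of the CVE-2014-6271 test shown above.
# It covers the function-import behaviour only, not CVE-2014-7169.

# classify_output TEXT -> prints "vulnerable" or "patched".
# TEXT must be the stdout of the test command. A vulnerable bash runs the
# trailing "echo vulnerable" while importing x, so that word appears on a
# line of its own before "this is a test".
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'vulnerable'; then
        echo vulnerable
    else
        echo patched
    fi
}

# check_bash [PATH] -> prints "vulnerable", "patched" or "not-found".
# PATH defaults to the bash found on $PATH; pass an explicit path to test
# another copy (for example a statically built bash under /usr/local).
check_bash() {
    bash_bin=${1:-bash}
    command -v "$bash_bin" >/dev/null 2>&1 || { echo not-found; return 0; }
    # stderr is dropped so the "ignoring function definition attempt"
    # warnings of patched builds cannot influence the result.
    out=$(env x='() { :;}; echo vulnerable' "$bash_bin" -c 'echo this is a test' 2>/dev/null) || true
    classify_output "$out"
}

echo "bash on PATH: $(check_bash)"
```

Run it once per bash binary on the host, since upgrading the packaged bash does not touch copies installed elsewhere.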


CentOS7 bash-4.2.45-5.el7_0.4
CentOS6 bash-4.1.2-15.el6_5.2
CentOS5 bash-3.2-33.el5_11.4
