A critical vulnerability (CVE-2014-6271) in Bash which allows remote execution of arbitrary code through an error in handling function assignments to environment variables.
Questions tagged [shellshock]
12 questions
38
votes
4 answers
Does the Shellshock bug affect ZSH?
Does the Shellshock Bash bug affect ZSH?
Is upgrading Bash the only solution?
marflar
- 533
- 4
- 11
24
votes
7 answers
How do I fix the Shellshock security vulnerability in debian testing/jessie?
The test command
x='() { :;}; echo vulnerable' bash
shows that my Debian 8 (Jessie) installation is vulnerable, even with the latest updates. Research shows that there's a patch for stable and unstable, but that testing is unpatched.
I figure that…
John Lawrence Aspden
- 972
- 2
- 13
- 21
22
votes
4 answers
How do I patch the shellshock vulnerability on an obsolete Ubuntu system that I can't upgrade?
I have a system that I administer remotely (2 timezones away) that runs Ubuntu 9.04, Jaunty. For various reasons, mainly that I'm really leery about trying to do a distribution upgrade from so far away, I can't upgrade it to a more recent version. …
Claus
- 223
- 1
- 2
- 5
4
votes
1 answer
Do I need to be concerned using the Git Bash on Windows with Shellshock?
I use the Git Bash on a Windows 8.1 machine.
Do I need to be concerned by Shellshock?
BanksySan
- 713
- 2
- 7
- 15
3
votes
2 answers
Strange bash error: "error importing function definition for `BASH_FUNC_module'"
Sample script:
#!/usr/bin/env bash
echo "abc"
Output from Bash version 4.1.2(1)-release:
$ ./a.bash
bash: BASH_FUNC_module(): line 0: syntax error near unexpected token `)'
bash: BASH_FUNC_module(): line 0: `BASH_FUNC_module() () { eval…
kevinarpe
- 3,678
- 5
- 26
- 31
3
votes
4 answers
Still Vulnerable to Shellshock with Ubuntu 14.04.1 and Bash 4.3-7ubuntu1.4 - What next?
The title says it all.
I am still vulnerable (CVE-2014-6271 and possibly CVE-2014-7169) with Ubuntu 14.04.1 and Bash 4.3-7ubuntu1.4
apt-get update = nothing
apt-get upgrade = nothing
apt-get install bind = nothing
Checked…
closetnoc
- 43
- 1
- 11
2
votes
1 answer
How do I patch cygwin to resolve the shellshock vulnerability?
I have cygwin installed on my computer and would like to make sure that I'm secured from the shellshock vulnerability. How do I patch cygwin to fix the shellshock vulnerability?
James Mertz
- 26,224
- 41
- 111
- 163
2
votes
1 answer
Does the shellshock vulnerability leave any traces in log files?
I've patched my servers, but I'd also like to review my logs to see if there have been any compromises on them. Are there any consistent traces of exploits using this bug?
Tom Damon
- 466
- 3
- 7
0
votes
2 answers
Is my server still vulnerable to Shell Shock?
I updated my Debian server since Shell Shock vulnerability was known.
Before update, I had:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
Now, I have:
$ env x='() { :;}; echo vulnerable' bash -c "echo…
lauhub
- 177
- 10
0
votes
0 answers
What exactly is the "Shellshock" vulnerability?
Concerning the Shellshock bug (aka "bash bug", CVE-2014-6271), can someone explain how this vulnerability works? Based on the test given in some posts (below), it looks like some type of injection using environment variables, but what exactly is…
FLGMwt
- 1,171
- 1
- 7
- 4
-1
votes
1 answer
What is shell-shock and how does it effect me?
I am somewhat ignorant on this whole shell-shock thing that is happening right now. So, this may sound like a bit of a dopey question; but, I am wondering, if this effects me at all. I currently use a Windows XP computer (yes, I know about the other…
L.B.
- 493
- 1
- 8
- 20
-1
votes
3 answers
How do I build bash to patch against shellshock and test it before installing it at the root of my system?
What seems to be wrong with my code below? I'm downloading and patching up to patch 18 which I understand is the patch for shellchock vulnerability. But I still get the vulnerability when running Bash.
Download source and patches
wget…
Adam Terrey
- 189
- 1
- 1
- 6