Bash Code Injection Vulnerability via Specially Crafted Environment Variables
Bug #1373688 reported by
Andrew
This bug affects 2 people
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| bash (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Identified in RedHat and Debian
https:/
From the RedHat advisory - https:/
"Diagnostic Steps
To test if your version of Bash is vulnerable to this issue, run the following command:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
If the output of the above command looks as follows:
vulnerable
this is a test"
Confirmed on Ubuntu 14.04 LTS using Bash 4.3-7ubuntu1.1
Revision history for this message
| Marc Deslauriers (mdeslaur) wrote | #1 |
| Changed in bash (Ubuntu): | |
| status: | New → Fix Released |
| status: | Fix Released → Invalid |
| status: | Invalid → Fix Released |
| information type: | Private Security → Public Security |
To post a comment you must log in.
We've fixed this already:
http://