Hello Guys,
I read some blogs, and according to them bash is susceptible to an environment variable code injection attack.
I think we should update our bash with the latest patch available.
My old bash version for CentOS 6.5 is:
[root@centos-test ~]# rpm -q bash
bash-4.1.2-15.el6_4.x86_64
[root@centos-test ~]# env x='() { :;}; echo problem' bash -c /bin/true
problem
If you get "problem" as output, that means your bash version needs to be updated with the latest patch.
Then I updated it, and now it is:
[root@centos-test ~]# rpm -q bash
bash-4.1.2-15.el6_5.1.x86_64
[root@centos-test ~]# env x='() { :;}; echo problem' bash -c /bin/true
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
If you get output like the above, that means your bash version is fine.
For more information, read the blog below.
http://www.linuxbsdos.com/2014/09/25/bash-susceptible-to-environment-variables-code-injection-attack/
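
Added example, not part of the original post: a small script that runs the same probe against every bash binary on a host and maps the two outputs shown above to a verdict. The function names and the `--scan` switch are my own, and the "patched-silent" verdict (no output at all, as printed by later bash builds) is an addition the post does not show.

```sh
#!/bin/sh
# Added example: classify bash binaries using the probe from the post.

# Map the probe's combined stdout/stderr to a verdict.
classify_output() {
    if printf '%s\n' "$1" | grep -qx 'problem'; then
        echo "vulnerable"          # injected command ran (old output in the post)
    elif printf '%s\n' "$1" | grep -q 'ignoring function definition attempt'; then
        echo "patched"             # warning shown by the updated package in the post
    elif [ -z "$1" ]; then
        echo "patched-silent"      # later builds ignore the variable without a warning
    else
        echo "unknown"             # unexpected output: inspect by hand
    fi
}

# Run the probe against one bash binary (path is the caller's choice).
check_bash() {
    bin=$1
    [ -x "$bin" ] || { echo "missing"; return 0; }
    # Same probe as the post; the builtin `true` replaces /bin/true so the
    # result does not depend on where that file lives.
    out=$(env x='() { :;}; echo problem' "$bin" -c true 2>&1) || true
    classify_output "$out"
}

# Check every bash found on PATH or listed in /etc/shells.
scan_host() {
    for bin in $( { command -v bash; grep -s '/bash$' /etc/shells; } | sort -u ); do
        printf '%s\t%s\n' "$bin" "$(check_bash "$bin")"
    done
}

# Only scan when asked, so the functions can be sourced without side effects.
if [ "${1:-}" = "--scan" ]; then
    scan_host
fi
```

Run it as `sh check.sh --scan` (the file name is arbitrary); any line reporting "vulnerable" or "unknown" needs the package update and a re-test.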