Came across an interesting post today from VentraIP which outlines that Linux bash is vulnerable on most modern Linux distributions. You can read more about it directly from them here.
I ran the command on a Raspbian install I have on a Raspberry Pi that hasn’t been updated for a few weeks and, surprise surprise, it was vulnerable.
Before upgrade:
root@zulu:~# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
After upgrade:
root@zulu:~# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
Best we all go do a sweep of our systems and upgrade all those that would be impacted by this. Best to close the problem now before it gets exploited.
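To make that sweep repeatable, the test command above can be wrapped in a small script that checks each bash binary on a host and prints a verdict. This is an added example, not part of the original post; the function names `classify_output`, `check_bash` and `sweep` are made up here, and looking for bash in `/etc/shells` and on `PATH` is an assumption about where it is installed.

```shell
#!/bin/sh
# Added example: wraps the test command from the post for use in a sweep.

# Read the test output on stdin and print a verdict.
classify_output() {
    out=$(cat)
    # A vulnerable bash runs the code after the function body, so a line
    # that is exactly "vulnerable" appears before the real command's output.
    if printf '%s\n' "$out" | grep -qx 'vulnerable'; then
        echo vulnerable
    elif printf '%s\n' "$out" | grep -qx 'this is a test'; then
        echo patched
    else
        echo unknown    # bash did not run as expected; check by hand
    fi
}

# Run the post's test against one bash binary (path given as $1).
check_bash() {
    bin=$1
    if [ ! -x "$bin" ]; then
        echo missing
        return 0
    fi
    env x='() { :;}; echo vulnerable' "$bin" -c "echo this is a test" 2>&1 |
        classify_output
}

# Check every bash listed in /etc/shells plus the one found on PATH.
sweep() {
    {
        if [ -r /etc/shells ]; then
            grep -E '/bash$' /etc/shells || true
        fi
        command -v bash || true
    } | sort -u | while read -r bin; do
        printf '%s: %s\n' "$bin" "$(check_bash "$bin")"
    done
}

sweep
```

Any line ending in `vulnerable` marks a binary that still needs the upgrade; `unknown` means the output matched neither case and should be looked at manually.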