Security flaw in the bash shell

A major vulnerability in the bash shell has just been discovered.

How long has it existed?

This flaw has existed since at least version 3 of bash, which makes it very widespread.

What does it allow?

The flaw lies in the fact that the bash shell, at the moment it starts, does not stop interpreting where it should when the environment contains variable or function definitions, and executes the commands appended to them.

Since a bash shell can be started from a CGI script, for example, this vulnerability can be exploited remotely, because CGI environment variables are mapped to shell environment variables. The commands are then launched remotely, in the context the web server runs in, for example.

Exploit scripts for this vulnerability are easy to obtain, and scanners specific to this vulnerability are already at work.
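To see whether such scanners have already probed a web server, the access log can be searched for the function-definition marker `() {` in client-supplied fields. The following is an added example, not part of the original article; it assumes the Apache/nginx "combined" log format, and the function name and log lines are constructed for illustration.

```python
import re

# Marker of a bash function definition inside a value: "() {".
# Deliberately broad (any whitespace, anywhere in the field) to favour recall.
FUNC_DEF = re.compile(r"\(\s*\)\s*\{")

# Apache/nginx "combined" log format (assumed); quoted fields may hold \" escapes.
QUOTED = r'"((?:[^"\\]|\\.)*)"'
COMBINED = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED
)
FIELDS = ("request", "referer", "agent")  # client-controlled fields in this format


def find_probes(lines):
    """Return (ip, time, field, status) for every field carrying a function definition."""
    hits = []
    for line in lines:
        m = COMBINED.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        ip, when, request, status, referer, agent = m.groups()
        for name, value in zip(FIELDS, (request, referer, agent)):
            if FUNC_DEF.search(value):
                hits.append((ip, when, name, int(status)))
    return hits


# Constructed sample log lines (documentation IP ranges, test string from this article).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Sep/2014:10:01:02 +0200] "GET /index.html HTTP/1.1" 200 512 '
    '"-" "Mozilla/5.0 (compatible; ExampleBot)"',
    '198.51.100.7 - - [25/Sep/2014:10:01:05 +0200] "GET /cgi-bin/status HTTP/1.1" 200 31 '
    '"-" "() { :;}; echo vulnerable"',
    '203.0.113.4 - - [25/Sep/2014:10:02:11 +0200] "GET /cgi-bin/test.cgi HTTP/1.0" 404 208 '
    '"() { :;}; echo vulnerable" "-"',
    'this line is not in combined format',
]

if __name__ == "__main__":
    for ip, when, field, status in find_probes(SAMPLE_LOG):
        # A 2xx status on a CGI path deserves a closer look than a 404.
        print(f"{when} {ip} function definition in {field} (HTTP {status})")
```

Headers that the combined format does not record, such as Cookie, are not visible to this check; logging them requires a custom log format.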

How to check if my version is impacted?

You can test for this flaw with the following command.

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

If the word "vulnerable" appears before "this is a test" then your version of bash is vulnerable.

Ikoula recommends that you update the bash packages for your distribution as quickly as possible.

If you are running Debian 6 (squeeze), we invite you to follow our knowledge base article.

If you have shared hosting or a fully managed service, note that our teams have already done what is necessary.

For more information: https://securityblog.redhat.com/

