Tribal Chicken

Security. Malware Research. Digital Forensics.

Bash bug allows code injection attack

This is interesting. A recently discovered bug in the bash shell (which is common on a lot of *nix systems) allows code injection via specially crafted environment variables.

As in the linked articles, you can test if your version of Bash is vulnerable by running something like:

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

If Bash is not vulnerable, then the word “vulnerable” will not be displayed.
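The same test, wrapped in a script that checks every Bash binary listed in /etc/shells or found on PATH. This is an added example, not part of the original post; the function names check_shell, candidate_shells and report are made up for illustration, and reading /etc/shells is an assumption about where extra Bash copies are registered.

```shell
#!/bin/sh
# Added example: apply the post's environment-variable test to every Bash found.
# Function names here are illustrative, not from any existing tool.

MARKER="vulnerable"   # printed only when the trailing command gets executed

# check_shell PATH -> status 0 = vulnerable, 1 = not vulnerable, 2 = not executable
check_shell() {
    shell_path="$1"
    [ -x "$shell_path" ] || return 2
    # Same probe as the one-liner above. stderr is discarded because some
    # patched builds print a warning about the ignored function definition.
    output="$(env x="() { :;}; echo $MARKER" "$shell_path" -c 'echo this is a test' 2>/dev/null)" || true
    case "$output" in
        *"$MARKER"*) return 0 ;;
        *)           return 1 ;;
    esac
}

# candidate_shells -> unique Bash paths from /etc/shells (assumed location of
# registered login shells) plus whichever bash is first on PATH
candidate_shells() {
    {
        if [ -r /etc/shells ]; then grep -E '/bash$' /etc/shells || true; fi
        command -v bash || true
    } | sort -u
}

# report -> one status line per candidate
report() {
    candidate_shells | while IFS= read -r s; do
        rc=0
        check_shell "$s" || rc=$?
        case "$rc" in
            0) echo "$s: VULNERABLE, update Bash" ;;
            1) echo "$s: not vulnerable" ;;
            *) echo "$s: not executable, skipped" ;;
        esac
    done
}

report
```

The exit status of check_shell makes it usable from a configuration-management or monitoring job that needs to flag hosts still running an unpatched Bash.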

There are some more details on the Red Hat security blog.

The fix is to update Bash to a patched version.