Questions tagged [shellshock]
A critical vulnerability (CVE-2014-6271) in Bash which allows remote execution of arbitrary code through an error in handling function assignments to environment variables.
12
questions
3
votes
2
answers
10k
views
Strange bash error: "error importing function definition for `BASH_FUNC_module'"
Sample script:
#!/usr/bin/env bash
echo "abc"
Output from Bash version 4.1.2(1)-release:
$ ./a.bash
bash: BASH_FUNC_module(): line 0: syntax error near unexpected token `)'
bash: ...
- 3,858
2
votes
1
answer
2k
views
How do I patch cygwin to resolve the shellshock vulnerability?
I have cygwin installed on my computer and would like to make sure that I'm secured from the shellshock vulnerability. How do I patch cygwin to fix the shellshock vulnerability?
- 26.4k
-1
votes
1
answer
226
views
What is shell-shock and how does it effect me? [closed]
I am somewhat ignorant on this whole shell-shock thing that is happening right now. So, this may sound like a bit of a dopey question; but, I am wondering, if this effects me at all. I currently use a ...
- 483
3
votes
4
answers
5k
views
Still Vulnerable to Shellshock with Ubuntu 14.04.1 and Bash 4.3-7ubuntu1.4 - What next?
The title says it all.
I am still vulnerable (CVE-2014-6271 and possibly CVE-2014-7169) with Ubuntu 14.04.1 and Bash 4.3-7ubuntu1.4
apt-get update = nothing
apt-get upgrade = nothing
apt-get install ...
- 43
4
votes
1
answer
2k
views
Do I need to be concerned using the Git Bash on Windows with Shellshock?
I use the Git Bash on a Windows 8.1 machine.
Do I need to be concerned by Shellshock?
- 733
0
votes
2
answers
131
views
Is my server still vulnerable to Shell Shock?
I updated my Debian server since Shell Shock vulnerability was known.
Before update, I had:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
Now, I have:
...
- 177
-1
votes
3
answers
1k
views
How do I build bash to patch against shellshock and test it before installing it at the root of my system?
What seems to be wrong with my code below? I'm downloading and patching up to patch 18 which I understand is the patch for shellchock vulnerability. But I still get the vulnerability when running Bash....
- 209
2
votes
1
answer
661
views
Does the shellshock vulnerability leave any traces in log files?
I've patched my servers, but I'd also like to review my logs to see if there have been any compromises on them. Are there any consistent traces of exploits using this bug?
- 466
22
votes
4
answers
15k
views
How do I patch the shellshock vulnerability on an obsolete Ubuntu system that I can't upgrade?
I have a system that I administer remotely (2 timezones away) that runs Ubuntu 9.04, Jaunty. For various reasons, mainly that I'm really leery about trying to do a distribution upgrade from so far ...
- 223
0
votes
0
answers
241
views
What exactly is the "Shellshock" vulnerability?
Concerning the Shellshock bug (aka "bash bug", CVE-2014-6271), can someone explain how this vulnerability works? Based on the test given in some posts (below), it looks like some type of injection ...
- 1,389
24
votes
7
answers
38k
views
How do I fix the Shellshock security vulnerability in debian testing/jessie?
The test command
x='() { :;}; echo vulnerable' bash
shows that my Debian 8 (Jessie) installation is vulnerable, even with the latest updates. Research shows that there's a patch for stable and ...
- 1,002
38
votes
4
answers
8k
views
Does the Shellshock bug affect ZSH?
Does the Shellshock Bash bug affect ZSH?
Is upgrading Bash the only solution?
- 533