As some of you may have heard, a very serious remote vulnerability was disclosed today in bash.
A quick summary of the problem is that bash does not properly process function definitions, which can be exported like shell variables. This is a bit like a SQL/XSS injection problem — you provide an “end” to your input, and continue writing other functions/calls after it, which then get executed.
A quick example:
env x='() { :;}; echo vulnerable!' bash -c ''
A vulnerable system looks like this:
vulnerable!
A patched system looks like this:
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
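To run the same check across several shell binaries or hosts, the test above can be wrapped in a small script. This is an added example, not part of the original post; the function names `classify_probe` and `check_shell` and the result labels are illustrative choices.

```shell
#!/bin/sh
# Added example: wraps the one-line test from the post so the result can be
# collected by a script. Names and labels here are illustrative.

# The probe value from the post: a function definition followed by a command.
PROBE='() { :;}; echo vulnerable!'

# classify_probe OUTPUT -> prints one label for the combined stdout/stderr text.
classify_probe() {
    case "$1" in
        # The trailing command ran while the variable was being imported.
        *'vulnerable!'*) echo "vulnerable"; return 0 ;;
    esac
    case "$1" in
        # The warning a patched bash prints, as quoted in the post.
        *'ignoring function definition attempt'*) echo "patched"; return 0 ;;
    esac
    # Neither marker: the trailing command did not run and no warning was
    # printed (for example, the binary is a shell other than bash).
    echo "not-affected"
}

# check_shell NAME_OR_PATH -> runs the probe against that shell, prints the label.
check_shell() {
    shell_bin=$1
    if ! command -v "$shell_bin" >/dev/null 2>&1; then
        echo "not-found"
        return 0
    fi
    # Same invocation as the post, with stderr folded into the captured text.
    out=$(env x="$PROBE" "$shell_bin" -c '' 2>&1) || true
    classify_probe "$out"
}

# Stand-alone use: ./check.sh /bin/bash /usr/local/bin/bash
if [ "$#" -gt 0 ]; then
    for candidate in "$@"; do
        printf '%s: %s\n' "$candidate" "$(check_shell "$candidate")"
    done
fi
```

Pass every bash binary present on the system as an argument, since a host can carry more than one copy.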