HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Shellshock linux vulnerability
x00
MVP
x00
MVP
Comments
This is not meant as a definitive test
>
grep is your friend.
keep applying updates when they come, becuase patches are mostly incomplete and not the full solution.
grep is your friend.
it is also good idea to individually update bash, rather then relying on distro updates.
grep is your friend.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2014-7169
https://www.us-cert.gov/ncas/alerts/TA14-268A
http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/
I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.
Thanks for the notice, my bash was susceptible to this bug.
Search first
Check out the Documentation! We are always looking for new content and pull requests.
Click on insightful, awesome, and funny reactions to thank community volunteers for their valuable posts.
New Exploit Method
bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno"Very helpful site for checking new shellshock exploit and updates
https://shellshocker.net