OVH Community, your new community space.

Shellshock Vulnerability


da_judge
26-09-2014, 20:59
Today there was an update to :
bash-4.1.2-15.el6_5.2

This fixes fully. You can update via your panel

Enjoy

da_judge
25-09-2014, 22:19
Hi,

Just to let you all know, the patch / fix in OVH3 running CentOS for the BASH Shellshock vulnerability dont fix fully

Run this in shell :

Code:
env X='() { (a)=>\' sh -c "echo date"; cat echo
If you get date at bottom its not fixed, which looks like this:

Code:
$ env X='() { (a)=>\' sh -c "echo date"; cat echo
sh: X: line 1: syntax error near unexpected token `='
sh: X: line 1: `'
sh: error importing function definition for `X'
Thu Sep 25 21:48:39 CEST 2014
Maybe OVH can fix this or find fix as all CentOS open to attacks

Good Luck