- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 34765
- Проверка EDB
-
- Пройдено
- Автор
- STEPHANE CHAZELAS
- Тип уязвимости
- REMOTE
- Платформа
- LINUX
- CVE
- cve-2014-7910 cve-2014-7227 cve-2014-7196 cve-2014-7169 cve-2014-62771 cve-2014-6271 cve-2014-3671 cve-2014-3659
- Дата публикации
- 2014-09-25
GNU Bash - 'Shellshock' Environment Variable Command Injection
Код:
Exploit Database Note:
The following is an excerpt from: https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
Like “real” programming languages, Bash has functions, though in a somewhat limited implementation, and it is possible to put these bash functions into environment variables. This flaw is triggered when extra code is added to the end of these function definitions (inside the enivronment variable). Something like:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
The patch used to fix this flaw, ensures that no code is allowed after the end of a bash function. So if you run the above example with the patched version of bash, you should get an output similar to:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
- Источник
- www.exploit-db.com