Hello Greg,
thanks for the hint, this seems to be the solution. I've copied the
compiled bash binary to the first directory from $PATH output and now the
test is ok:
[naegele@pinie ~]$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
Regards,
Ralf
On Thu, 25 Sep 2014, Greg Wooledge wrote:
> Date: Thu, 25 Sep 2014 16:52:19 -0400
> From: Greg Wooledge <[email protected]>
> To: [email protected]
> Cc: [email protected]
> Subject: Re: Bash-4.3 Official Patch 25 Bug 896776 - (CVE-2014-6271)
>
> On Thu, Sep 25, 2014 at 05:33:38PM +0200, [email protected] wrote:
> > env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>
> Did you *install* the patched version so that it is the first "bash" in
> your PATH before running this? If not, you should specify a path to
> bash (e.g. ./bash -c "echo ...").
>
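
Added example, not part of the original thread: the check above only tests whichever bash comes first on PATH, so this sketch runs the same test string against every bash on PATH by explicit path and marks the one a bare "bash" would resolve to. The function names (check_bash, list_bash_on_path, audit_path) are hypothetical helpers written for this illustration.

```shell
#!/bin/sh
# Added example: apply the thread's CVE-2014-6271 check to each bash on PATH.

# Run the check against one binary, addressed by explicit path so that PATH
# lookup cannot substitute a different copy. Prints vulnerable|patched|error.
check_bash() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' \
          </dev/null 2>/dev/null) || true
    case "$out" in
        *vulnerable*)       echo vulnerable ;;
        *"this is a test"*) echo patched ;;
        *)                  echo error ;;   # binary did not run the command
    esac
}

# Print every executable named "bash" in a colon-separated directory list
# (default: $PATH), in lookup order. The first line is what "bash" resolves to.
list_bash_on_path() {
    old_ifs=$IFS
    IFS=:
    set -f                                   # no globbing while splitting
    for dir in ${1:-$PATH}; do
        if [ -z "$dir" ]; then dir=.; fi     # empty PATH entry means cwd
        if [ -f "$dir/bash" ] && [ -x "$dir/bash" ]; then
            printf '%s\n' "$dir/bash"
        fi
    done
    set +f
    IFS=$old_ifs
}

# One report line per bash found: "<path> <result>[ (first on PATH)]".
audit_path() {
    n=0
    list_bash_on_path "$1" | while IFS= read -r b; do
        n=$((n + 1))
        note=""
        if [ "$n" -eq 1 ]; then note=" (first on PATH)"; fi
        printf '%s %s%s\n' "$b" "$(check_bash "$b")" "$note"
    done
}

audit_path "$PATH"
```

A freshly compiled ./bash that reports "patched" while the entry marked "(first on PATH)" reports "vulnerable" is the situation described in the quoted reply.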