On 25/09/2014 21:33, Bill Moseley wrote:
I did a very quick test today using mod_perl running as my own user.
Maybe you could try something similar.
I'm running on CentOS where it is vulnerable:
$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test
Updated my bash on CentOS 6.5 this morning so your test fails:
# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test
gvim
