<div dir="ltr">I think my XS 0.6 is all patched now, at least for the current known vulnerabilities. Here's my current bash version, making sure it got updated everywhere:<br><br>[root@schoolserver ~]# bash --version<br>GNU bash, version 4.3.26(1)-release (i686-pc-linux-gnu)<br><br>[root@schoolserver ~]# /bin/bash --version<br>GNU bash, version 4.3.26(1)-release (i686-pc-linux-gnu)<br><br>[root@schoolserver ~]# /usr/local/bin/bash --version<br>GNU bash, version 4.3.26(1)-release (i686-pc-linux-gnu)<br><br>[root@schoolserver ~]# /bin/sh --version<br>GNU bash, version 4.3.26(1)-release (i686-pc-linux-gnu)<br><br><br>The tests (pasted from the <a href="http://shellshocker.net">shellshocker.net</a> site) and my results:<br><br>**********************************<br>Exploit 1 (CVE-2014-6271)<br><br>There are a few different ways to test if your system is vulnerable to shellshock. Try running the following command in a shell.<br><br>env x='() { :;}; echo vulnerable' bash -c "echo this is a test"<br><br>If you see "vulnerable" you need to update bash. Otherwise, you should be good to go. <br><br>-----------------<br>[root@schoolserver ~]# env x='() { :;}; echo vulnerable' bash -c "echo this is a test"<br>bash: warning: x: ignoring function definition attempt<br>bash: error importing function definition for `x'<br>this is a test<br><br>**********************************<br>Exploit 2 (CVE-2014-7169)<br><br>Even after upgrading bash you may still be vulnerable to this exploit. 
Try running the following code.<br><br>env X='() { (a)=>\' bash -c "echo date"; cat echo ; rm -f echo<br><br>If the above command outputs the current date (it may also show errors), you are still vulnerable.<br><br>-----------------<br>[root@schoolserver ~]# env X='() { (a)=>\' bash -c "echo date"; cat echo ; rm -f echo<br>bash: X: line 1: syntax error near unexpected token `='<br>bash: X: line 1: `'<br>bash: error importing function definition for `X'<br>date<br>cat: echo: No such file or directory<br><br>**********************************<br>Exploit 3 (???)<br><br>Here is another variation of the exploit. Please leave a comment below if you know the CVE of this exploit.<br><br>env -i X=' () { }; echo hello' bash -c 'date'<br><br>If the above command outputs "hello", you are vulnerable.<br><br>-----------------<br>[root@schoolserver ~]# env -i X=' () { }; echo hello' bash -c 'date'<br>Fri Sep 26 18:18:24 CDT 2014<br><br><br>Anna Schoolfield<br>Birmingham<br><br></div><div class="gmail_extra"><br><div class="gmail_quote">On Fri, Sep 26, 2014 at 3:14 AM, James Cameron <span dir="ltr"><<a href="mailto:quozl@laptop.org" target="_blank">quozl@laptop.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On Thu, Sep 25, 2014 at 06:04:45PM -0500, Anna wrote:<br>
> I just patched my XS 0.6 with this:<br>
><br>
> curl -k <a href="https://shellshocker.net/fixbash" target="_blank">https://shellshocker.net/fixbash</a> | sh<br>
<br>
</span>For me, one of these uncontrolled non-versioned scripts ended up<br>
building /usr/local/bin/bash and the system bash remained in use.<br>
<br>
Worth checking in case you hit that one.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
James Cameron<br>
<a href="http://quozl.linux.org.au/" target="_blank">http://quozl.linux.org.au/</a><br>
</font></span></blockquote></div><br></div>
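The check James suggests (a fix script building /usr/local/bin/bash while the system bash stays in use) can be scripted. This is an added example, not part of either message or of the shellshocker.net script. It runs the CVE-2014-6271 and CVE-2014-7169 probes quoted above against every sh/bash binary by absolute path, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example. Probes are the CVE-2014-6271 and CVE-2014-7169 tests
# quoted in the message, run against each shell by absolute path.

# Candidates: /bin/sh, sh/bash entries in /etc/shells, and any "bash" in
# a PATH directory (which is how a stray /usr/local/bin/bash shows up).
list_shells() {
    {
        echo /bin/sh
        if [ -r /etc/shells ]; then grep -E '^/.*/(ba)?sh$' /etc/shells || true; fi
        IFS=:   # pipeline stages run in subshells, so this does not leak
        for d in $PATH; do case $d in /*) echo "$d/bash" ;; esac; done
    } | sort -u | while read -r s; do
        if [ -f "$s" ] && [ -x "$s" ]; then echo "$s"; fi
    done
}

# CVE-2014-6271: a vulnerable bash runs the code after the function body.
check_6271() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'echo this is a test' \
          2>/dev/null </dev/null) || true
    case $out in
        *vulnerable*) echo vulnerable ;;
        *) echo patched ;;
    esac
}

# CVE-2014-7169: a vulnerable bash writes a file named "echo" into the
# working directory, so the probe runs inside a throwaway directory.
check_7169() {
    tmp=$(mktemp -d) || return 2
    ( cd "$tmp" && env X='() { (a)=>\' "$1" -c 'echo date' ) \
        >/dev/null 2>&1 </dev/null || true
    if [ -e "$tmp/echo" ]; then r=vulnerable; else r=patched; fi
    rm -rf "$tmp"
    echo "$r"
}

report() {
    list_shells | while read -r s; do
        echo "$s: CVE-2014-6271 $(check_6271 "$s"), CVE-2014-7169 $(check_7169 "$s")"
    done
}

report
```

Any line reporting "vulnerable" names a binary that scripts with that path in their shebang would still invoke, whatever `bash --version` on the PATH says.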