Shellshock vulnerability |
Shellshock vulnerability |
jimlongo |
Sep 27 2014, 01:05 PM
Post
#1
|
This is My Life Group: Members Posts: 1,128 Joined: 24-August 06 From: t-dot Member No.: 16 |
If you haven't heard, there is a new bug that may be very dangerous.
It is a vulnerability in bash (and sh). You can start here to get information and if you can SSH into your server you can run some checks that are on that page to see if your server is vulnerable. And then figure out how to patch it, or in the case of a shared server, get on your providers case to fix it immediately. Some of the sensational news articles I've read take this threat to pretty catastrophic levels . . . I'm not convinced of that but certainly any nix webservers need to be patched. |
Christian J |
Sep 27 2014, 02:29 PM
Post
#2
|
. Group: WDG Moderators Posts: 9,630 Joined: 10-August 06 Member No.: 7 |
if you can SSH into your server you can run some checks that are on that page to see if your server is vulnerable. On http://en.wikipedia.org/wiki/Shellshock_(software_bug) there are some other examples, but they begin with a $ sign like this: CODE $ env x='() { :;}; echo vulnerable' bash -c 'echo this is a test' --what is the $ sign used for? |
jimlongo |
Sep 27 2014, 03:49 PM
Post
#3
|
This is My Life Group: Members Posts: 1,128 Joined: 24-August 06 From: t-dot Member No.: 16 |
The $ is just the generic prompt, which usually follows your username. Sometime you will see a # symbol instead.
You omit it and just enter the command. This is one example. CODE env x='() { :;}; echo vulnerable' bash -c 'echo this is a test' here is a later one CODE X='() { (a)=>\' bash -c "echo date" This post has been edited by jimlongo: Sep 27 2014, 03:50 PM |
Darin McGrew |
Sep 28 2014, 12:34 AM
Post
#4
|
WDG Member Group: Root Admin Posts: 8,365 Joined: 4-August 06 From: Mountain View, CA Member No.: 3 |
Yes, the $ is the default command prompt for a normal user. The # is the default command prompt for the root/superuser account. When they occur at the beginning of a command line, they are not really part of the command and should be ignored.
But if they occur elsewhere, then they have other meanings. For example, $ is used to expand variable values. So in the case of $ echo $USER The first $ is the command prompt, and the second $ expands the value of the USER variable (which holds the username of the current user account). |
jimlongo |
Sep 28 2014, 11:11 AM
Post
#5
|
This is My Life Group: Members Posts: 1,128 Joined: 24-August 06 From: t-dot Member No.: 16 |
Yes, it's a little confusing sometimes (coming from other languages) in that variables are declared without the $ but require it when it's used.
VAR=hello echo $VAR |
Lo-Fi Version | Time is now: 29th March 2024 - 09:00 AM |