WebFaction
Community site: login faq
2
1

I don't quite understand why this hasn't been mentioned yet...!

See http://seclists.org/oss-sec/2014/q3/649

My webfaction server is running bash 4.1.2. And I can confirm that my server is vulnerable. When will we see a fix?

To check if your webfaction server is vulnerable, run:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

If you see:

vulnerable
hello

Then you are vulnerable. Hopefully you will see

bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
hello

(Note that the vulnerability hasn't been fully fixed in any of the official patches: https://twitter.com/taviso/status/514887394294652929 )

asked 25 Sep '14, 06:34

pjrobertson
458
accept rate: 0%


Hello,

Our system administrators are currently in the process of upgrading all servers to patch this vulnerability. If you have any further questions, don't hesitate to submit a support ticket.

permanent link

answered 25 Sep '14, 14:08

yulian
27214
accept rate: 24%

I seem to be upgraded.... Thanks.

permanent link

answered 25 Sep '14, 22:42

leehinde
45111
accept rate: 0%

edited 25 Sep '14, 22:42

The first vulnerability is fixed:

env x='() { :;}; echo vulnerable' bash -c 'echo hello'

but the second still exists:

env X='() { (a)=>\' sh -c "echo date"; cat echo
permanent link

answered 26 Sep '14, 06:26

pjrobertson
458
accept rate: 0%

I've reported this as a new question here: https://community.webfaction.com/questions/17641/

(26 Sep '14, 08:32) azzps

Red Hat released a second update earlier today.

We'll roll this out, as soon as it hits the official CentOS repos.

(26 Sep '14, 09:53) iliasr ♦♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×69
×23

question asked: 25 Sep '14, 06:34

question was seen: 2,459 times

last updated: 26 Sep '14, 09:53

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM