WebFaction
Community site: login faq

Although webfaction servers have been patched against the first version of the Shellshock vulnerability, they still have the second version, CVE-2014-7169.

The test is this:

env X='() { (a)=>\' sh -c "echo date"; cat echo

Secure systems respond:

date
cat: echo: No such file or directory

Vulnerable systems respond with something like:

sh: X: line 1: syntax error near unexpected token `='
sh: X: line 1: `'
sh: error importing function definition for `X'
Fri Sep 26 08:22:22 UTC 2014

and create a file called echo in the directory where the command was run. (NB the actual datestamp on the last line will be the time when you run the command)

This has been submitted as support ticket NFC-728539

asked 26 Sep '14, 08:29

azzps
235
accept rate: 0%

edited 26 Sep '14, 08:35


Red Hat released a second update earlier today.

We'll roll this out, as soon as it hits the official CentOS repos.

permanent link

answered 26 Sep '14, 09:53

iliasr ♦♦
2.1k14
accept rate: 35%

edited 26 Sep '14, 09:53

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×23
×3
×1

question asked: 26 Sep '14, 08:29

question was seen: 1,484 times

last updated: 26 Sep '14, 09:53

WEBFACTION
REACH US
SUPPORT
AFFILIATE PROGRAM
LEGAL
© COPYRIGHT 2003-2019 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM