Snow Leopard bash vulnerability

Snow Leopard is vulnerable, and I am told more recent versions are too.
The patch for Linux issued today didn’t fix it completely, so there will
be another patch tomorrow.

Execute the following:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

Apparently, the proper behaviour is:

bash: warning: x: ignoring function definition attempt

On Snow Leopard, I get "vulnerable" and "this is a test" output on
separate lines.
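
The same probe wrapped in a local check, as an added example that is not part of the original post: it runs the test above against each bash or sh binary in an empty environment and reports which ones execute the trailing command. The function names, the marker string and the candidate paths are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify shell binaries with the probe shown in the post.
# check_shell, scan_shells, the marker and the path list are assumptions.

# Prints one of: missing | vulnerable | not-vulnerable | inconclusive
check_shell() {
    shell=$1                        # absolute path to the binary under test
    marker="probe-marker-$$"        # unique text, so unrelated output is not a hit

    if [ -z "$shell" ] || [ ! -x "$shell" ]; then
        echo "missing"
        return 0
    fi

    # env -i gives the child an empty environment, so x is the only variable
    # it can import. stderr is dropped because a patched bash may print the
    # "ignoring function definition attempt" warning there.
    out=$(env -i x="() { :;}; echo $marker" "$shell" -c 'echo this is a test' 2>/dev/null) || true

    case $out in
        *"$marker"*)         echo "vulnerable" ;;      # trailing command ran
        *"this is a test"*)  echo "not-vulnerable" ;;  # only the -c command ran
        *)                   echo "inconclusive" ;;    # shell did not run the probe
    esac
}

# Check the usual install locations; returns 1 if any binary is vulnerable.
# "not-vulnerable" covers this one probe only; the post notes that the first
# patch was incomplete, so re-check after each vendor update.
scan_shells() {
    found=0
    for candidate in /bin/bash /bin/sh /usr/bin/bash /usr/local/bin/bash; do
        result=$(check_shell "$candidate")
        if [ "$result" = "missing" ]; then
            continue
        fi
        printf '%s: %s\n' "$candidate" "$result"
        if [ "$result" = "vulnerable" ]; then
            found=1
        fi
    done
    return "$found"
}

scan_shells || echo "at least one shell needs patching"
```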

Apparently, this enables remote arbitrary command execution.

UPDATE: apparently, the vulnerability has to do with any bash script
that is triggered as a result of some internet service where some data
fed to the bash script gets executed instead of being treated as a
string (or something akin to that).

Will be interesting to see how quickly Apple issues patches for its
current operating systems.
