2014-09-27 CVE-2014-7169 is fixed by bash43-026
http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-026
Before applying the above patch:
$ env -i X='() { (a)=>\' bash -c 'echo date'
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
$ ls -al echo
-rw-r--r-- 1 m-ito m-ito 29 Sep 27 10:39 echo
$ cat echo
Sat Sep 27 10:39:30 JST 2014
$
After applying the above patch:
$ env -i X='() { (a)=>\' bash -c 'echo date'
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
date
$ ls -al echo
ls: echo: No such file or directory
$ bash --version
GNU bash, version 4.3.26(1)-release (i686-pc-linux-gnu)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
$
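
The before/after check above, wrapped into a repeatable probe. This is an added example, not part of the original post; the function name `check_cve_2014_7169` is hypothetical. It runs the same command in a throwaway directory and reports whether a file named `echo` was created there.

```shell
#!/bin/sh
# Added example: probe a bash binary for CVE-2014-7169 with the test shown above.
# check_cve_2014_7169 is a hypothetical helper name, not part of bash or the patch.
#
# Prints "vulnerable", "patched" or "error".
# Returns 0 (patched), 1 (vulnerable) or 2 (probe could not run).
check_cve_2014_7169() {
    # Resolve the binary to test; defaults to the first bash on PATH.
    bash_path=$(command -v "${1:-bash}") || { echo error; return 2; }

    # Throwaway directory, so the stray "echo" file never lands in the
    # caller's working directory.
    workdir=$(mktemp -d) || { echo error; return 2; }

    rc=0
    (
        cd "$workdir" || exit 2
        # Same environment variable and command as in the post. On an
        # unpatched bash the leftover ">\" is glued onto "echo date", so
        # "date" runs with its output redirected into a file named "echo".
        env -i X='() { (a)=>\' "$bash_path" -c 'echo date' >/dev/null 2>&1
        [ -e echo ] && exit 1
        exit 0
    ) || rc=$?

    rm -rf "$workdir"

    case "$rc" in
        0) echo patched ;;
        1) echo vulnerable ;;
        *) echo error ;;
    esac
    return "$rc"
}
```

Source the file and call `check_cve_2014_7169 /path/to/bash` for each bash binary installed on the host; with no argument it tests the first `bash` on `PATH`.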