Fantaisies programatico-ludiques

Bash remote code execution vulnerability

Just relaying the information about this "ShellShock" vulnerability:

This seems to affect Apache, sshd, DHCP clients and even potentially git.

TL;DR here is how to check your Bash version

env x='() { echo Never called; }; echo YOUR BASH IS VULNERABLE' bash -c 'echo This is a test'

The "YOUR BASH IS VULNERABLE" message should NOT appear in your terminal.

Source: Justin Mason's Weblog

EDIT[29/09/2014]: Tavis Ormandy noticed that the first patch doesn't seem to correct the full vulnerability:

env X='() { (a)=>\' sh -c "echo date"; cat echo

I the current date is printed, your bash version is still vulnerable.