Author Topic: Shellshock Bug (Read 2398 times)

elrick · « **on:** September 26, 2014, 06:18:36 AM »

Hi guys does it any version on Tiny Core can be affected with this bug? http://www.bbc.co.uk/news/technology-29361794

hiro · « **Reply #1 on:** September 26, 2014, 06:27:00 AM »

I think only if you manually load bash and let /bin/sh point to bash, something similar could happen if some scripts you use that processes user-defined environments wants #!/bin/bash as shell...

I tested our busybox ash that we point to in /bin/sh and it doesn't seem to be affected.
Also see http://forum.tinycorelinux.net/index.php/topic,17535.0.html

halma · « **Reply #2 on:** September 26, 2014, 11:26:56 AM »

hi,

you can test if you are vunerable with the follow command:

Code: [Select]

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"if it prints

Quote

vulnerable
this is a test

then you are still vunerable, update your bash version

take a look here http://forum.tinycorelinux.net/index.php/topic,17535.msg105163.html#msg105163

Halma

tinypoodle · « **Reply #3 on:** September 26, 2014, 03:33:10 PM »

On a sidenote:

Quote from: hiro on September 26, 2014, 06:27:00 AM

I tested our busybox ash that we point to in /bin/sh and it doesn't seem to be affected.

Same holds true with the infamous fork bomb vulnerability (documented by Jaromil) which is known since many years.
With bash it could be difficult to distinguish between bugs vs. features

Tiny Core Linux

News:

Author Topic: Shellshock Bug (Read 2398 times)

elrick

Shellshock Bug

hiro

Re: Shellshock Bug

halma

Re: Shellshock Bug

tinypoodle

Re: Shellshock Bug