1492 wrote:
....
According to The Register, one can check if you're vulnerable to BASH bug by typing the following into your default shell:
env X="() { :;} ; echo busted" /bin/sh -c "echo stuff"
env X="() { :;} ; echo busted" `which bash` -c "echo stuff"
If you see "busted", then you are at risk and should check for a released patch.
I have MinGW (Minimum GNU) installed on my Windows 7 system and at first I thought it did not have the bug. But after searching for more info on the net I discovered it was because I missed a space in the malware string. So here is the malware string on one line at a time:
X
=
'-----(single quote on my MinGW)
(
)
space
{
space
:-----(colon)
;-----(semicolon)
}
;-----(semicolon)
space
echo busted
'-----(single quote on my MinGW)
space
/bin/sh -c "echo stuff"
So the correct return should only be "stuff" but if you have:
$ busted
$ stuff
Then you, like I, have the problem.
