25 September 2014

Is Git Bash affected by Shellshock Bash bug?

YES :(

I run test on my git bash on the Windows machine as described here :

env X="() { :;} ; echo busted" /bin/sh -c "echo stuff"
You get “busted” echo’d back out and you’ve successfully exploited the bug."

Is it end of the world ?
I think so,because Mac users are affected too !  :)

What is Shellshock Bash bug?
Description can be found on nist website: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271 . I can write some rubbish about it,but I think,it is better,if I point you to awesome link that explain things much better than I could do. http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

Don't panic people.
If people in Stone Age survived without internet ,we can too !