Zsh Mailing List Archive
Messages sorted by: Reverse Date, Date, Thread, Author

Re: zsh seems to be vulnerable to CVE-2014-6271: remote code execution through bash



İsmail Dönmez wrote:
> According to the vulnerability test in
> https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/
>
> [~]> echo $ZSH_VERSION
> 5.0.6
>
> [~]> env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> vulnerable
> this is a test
>
> Looks like zsh is vulnerable too.

Does it?

[snip]
zsh% x='() { :; }; echo vuln' bash -c 'echo test'
vuln
test
zsh% x='() { :; }; echo vuln' zsh -c 'echo test'
test
[snap]

Doesn't look like it to me.

Bash has this weird feature, where you can "export functions". I suspect
that's what's happening here. Zsh doesn't have this feature. Thankfully.


Regards, Frank



Messages sorted by: Reverse Date, Date, Thread, Author