Hi All,
We have been informed of a new vulnerability on Linux / Unix systems. We have tried a command ( which is purely anecdotal at this stage ) that apparently proves whether a particular Linux or Unix system is vulnerable.
This appears to show the VCS ( x8.1.1 test ) as being vulnerable:
~ # env X="() { :;} ; echo Shellshock" `which bash` -c "echo completed"
Shellshock
completed
The idea behind the test is that if you receive an echo of whatever you put in place of Shellshock it means that the device is vulnerable. This may be incorrect but can we get security update from Cisco as to whether the VCS is vulnerable.
Kind regards,
GK
