[Cerowrt-devel] bash exploit heads up

Dave Taht dave.taht at gmail.com
Wed Sep 24 17:45:22 EDT 2014

>From fiddling with busybox's ash shell... thus far it *does NOT*
appear vulnerable to this.


Simple test:

env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

shows vulnerable for bash, not sh, on openwrt and cerowrt. That said,
it makes me nervous. I've never really liked the redir.sh method cero
uses to bounce people to the right web interface... suggestions to do
it in javascript or something safer desired.

and I'm aware that several people do run bash on cero, so be aware of
this issue.

Dave Täht


More information about the Cerowrt-devel mailing list