Bugzilla – Bug 900127
CVE-2014-6277 Vulnerable with latest version of bash in openSUSE 13.1 and SLES 11 SP3
Last modified: 2016-04-27 21:04:32 UTC
Using the following: bash -c "() { x() { _; }; x() { _; } <<`cat /etc/passwd >/tmp/passwd`; }" bash -c : I can cat /etc/passwd to /tmp/passwd showing that the version of bash shipping with SLES 11 SP3 and openSUSE 13.1 are vulnerable to CVE-2014-6277 which is in direct conflict of what's stated in https://www.suse.com/support/shellshock/ with the following paragraph: "There have been additional disclosures about related security vulnerabilities involving the Bash shell, but your SUSE Linux Enterprise-based systems are not impacted if they have recently been patched. The patches provided for CVE-2014-6271 and CVE-2014-7169 also take care of these new issues. CVE-2014-6277 and CVE-2014-6278 describe these new issues in greater detail."
As answered by email: I think that works as expected. You are using weak quotes. If you use ' rather than ", its all fine. The cat command is expanded as it should. Thats the same as echo '$(id)' vs. echo "$(id)" The () {... is just garbage, the backticks and weak quotes do the 'trick'.