Everywhere I've read online says that because pfSense doesn't run bash, it's not susceptible to some of the recent Shellshock exploits. However, I do believe that packages might somehow include bash and cause pfSense to be vulnerable:
You can see the basic result that we should expect:
[2.1.5-RELEASE][user@pfsense]/root(22): bash
bash: Command not found.
However, if you include the out-of-bounds exploit you can see the overflow still runs… even though the bash command isn't found:
[2.1.5-RELEASE][user@pfsense]/root(26): bash -c 'true <<EOF <<EOF <<EOF' || echo "I am vulnerable"
bash: Command not found.
I am vulnerable
Am I wrong?
Yes, you're wrong.
You're entering the equivalent of false || echo 'I am vulnerable' which will always print the text. As will jashkjaskasdkjahsd || echo 'I am vulnerable'
[2.2-RC][root@pfSenseA]/root: jashkjaskasdkjahsd || echo 'I am vulnerable'
jashkjaskasdkjahsd: Command not found.
I am vulnerable
[2.2-RC][root@pfSenseA]/root:
Yep, you're right. Thanks for pointing that out.
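As an added example (not part of the original thread): a POSIX sh sketch of a check that reports "interpreter not installed" separately from "test failed", which the `|| echo` pattern discussed above cannot do. The function names, the status labels and the shell name `no_such_shell_example` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All names here are hypothetical.

# The pattern used in the thread: ANY non-zero exit status prints the
# message, including 127 from a shell that is not installed at all.
naive_check() {
    "$1" -c "$2" >/dev/null 2>&1 || echo "I am vulnerable"
}

# classify_check SHELL_NAME SCRIPT
# Runs SCRIPT with "SHELL_NAME -c" and labels the outcome by exit status:
#   not-installed  SHELL_NAME is not on PATH, so nothing was tested
#   ok             the script exited 0
#   not-run        126/127: something could not be executed or found
#   signal         >128: the process was terminated by a signal (a crash)
#   failed         any other non-zero status
classify_check() {
    shell_name=$1
    script=$2

    # Look for the interpreter first; its absence is not a test result.
    if ! command -v "$shell_name" >/dev/null 2>&1; then
        echo "not-installed"
        return 0
    fi

    # Capture the status without tripping "set -e" in the caller.
    status=0
    "$shell_name" -c "$script" >/dev/null 2>&1 || status=$?

    if [ "$status" -eq 0 ]; then
        echo "ok"
    elif [ "$status" -eq 126 ] || [ "$status" -eq 127 ]; then
        echo "not-run"
    elif [ "$status" -gt 128 ]; then
        echo "signal"
    else
        echo "failed"
    fi
}

# Constructed demo: a shell name that does not exist on this system.
echo "naive:      $(naive_check no_such_shell_example 'true')"
echo "classified: $(classify_check no_such_shell_example 'true')"
```

On a system without the named shell, the first line prints the misleading message and the second prints `not-installed`.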