On 10/9/14, 6:06 PM, Pádraig Brady wrote:
> On 10/09/2014 08:46 PM, Rick Karcich (rkarcich) wrote:
>> Hello Chet,
>>
>> Re: testing for Shellshock... would like your feedback... specifically,
>> regarding the possibility of human-directed combinatorial testing to find
>> this Bash vulnerability...
>
> Sounds like how Michal Zalewski found the related CVE-2014-6278
> http://lcamtuf.blogspot.ie/2014/10/bash-bug-how-we-finally-cracked.html
That's a promising approach. I asked Michal to continue running the fuzzer
against the patched, but he did not respond to that yet.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU [email protected] http://cnswww.cns.cwru.edu/~chet/
