On Fri, Oct 10, 2014 at 02:00:41PM +0000, Nabiałek, Wojciech wrote:
> Difference is in version number, mine is 4.3.30(3), your 4.3.30(2)

The number in parentheses is simply how many times Bash has been compiled in the current source tree. If you apply a new patch and run "make" again, the number goes up. It's not actually a different version.

> [root@e-mail wojtek]# (for x in {1..200} ; do echo "for x$x in ; do :"; done;
> for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187
> vulnerable, word_lineno"
> bash: line 2: `x{1..200}': not a valid identifier
> CVE-2014-7187 vulnerable, word_lineno

Your interactive shell is not Bash (or it's a very OLD Bash), so the {1..200} was not expanded. That's why this test failed. Run it again from within Bash.

And for god's sake, don't do vulnerability testing as root.
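
A pre-flight check covering the three points in this reply (build counter versus release, brace expansion, not running as root), as an added example that is not part of the original message. The function names are hypothetical; the two version strings are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example: pre-flight checks before running a Bash vulnerability test.
# Function names are hypothetical; the version strings are the two from the thread.

# "4.3.30(3)" -> "4.3.30": drop the "(N)" build counter and anything after it.
patch_level() {
    printf '%s\n' "$1" | sed 's/(.*$//'
}

# "4.3.30(3)" -> "3"; prints nothing if the string has no build counter.
build_count() {
    printf '%s\n' "$1" | sed -n 's/^[^(]*(\([0-9][0-9]*\)).*$/\1/p'
}

# Two strings name the same release when only the build counter differs.
same_release() {
    [ "$(patch_level "$1")" = "$(patch_level "$2")" ]
}

# True only if the running shell expands {1..3} into three words, as Bash does.
# A shell without brace expansion leaves it as one literal word.
brace_expansion_works() {
    ( set -- {1..3}; [ "$#" -eq 3 ] )
}

not_root() {
    [ "$(id -u)" -ne 0 ]
}

# Report each check and return the number of failed checks.
preflight() {
    pf_fail=0
    if same_release "$1" "$2"; then
        echo "ok:   $1 and $2 are the same release (builds $(build_count "$1"), $(build_count "$2"))"
    else
        echo "FAIL: $1 and $2 are different releases"; pf_fail=$((pf_fail + 1))
    fi
    if brace_expansion_works; then
        echo "ok:   this shell expands {1..N}"
    else
        echo "FAIL: {1..N} stays literal here; run the test from within Bash"
        pf_fail=$((pf_fail + 1))
    fi
    if not_root; then echo "ok:   not running as root"
    else echo "FAIL: running as root"; pf_fail=$((pf_fail + 1)); fi
    return "$pf_fail"
}

preflight '4.3.30(3)' '4.3.30(2)' || :
```
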