I guess that would help. I meant to include that in the initial mail,
but alas, running in 50K directions.
Locally we are using:
(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in
{1..200} ; do echo done ; done) | bash ||
echo "CVE-2014-7187 vulnerable, word_lineno"
If we run the test via ssh, it is showing patched, however locally is
still showing vulnerable.
Thanks Eric,
Dave
On 10/16/14, Chet Ramey <chet.ra...@case.edu> wrote:
> On 10/16/14, 5:02 PM, Dave Kalaluhi wrote:
>> We have been compiling some of the older versions of bash to fix
>> vulnerabilities, and for the most, has been working.
>>
>> However, when we patch the 013 patch for CVE-2014-7187, and run the
>> nested loop, it's still showing as vulnerable.
>>
>> Has anyone else had a similiar experience?
>
> Since the code that had the off-by-one error was not even in bash-2.05b,
> I'm skeptical that it's vulnerable.
>
> --
> ``The lyf so short, the craft so long to lerne.'' - Chaucer
> ``Ars longa, vita brevis'' - Hippocrates
> Chet Ramey, ITS, CWRU c...@case.edu http://cnswww.cns.cwru.edu/~chet/
>
