On 9/30/2014 5:25 PM, Charles Swiger wrote:
bash-3.2$ echo "Testing Exploit 4 (CVE-2014-7186)"
Testing Exploit 4 (CVE-2014-7186)
bash-3.2$ CVE7186="$(bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF
<<EOF <<EOF <<EOF' 2>/dev/null ||echo -n V)"
bash-3.2$ [ "${CVE7186}" == "V" ] && echo "VULNERABLE" || echo "NOT VULNERABLE"
NOT VULNERABLE
This being said, I'm not confident that there won't be further issues found
with bash....
What are people using to check these issues ? I was using
https://github.com/hannob/bashcheck
Not sure if that gives false positives ? Even on linux with all patches
applied, it coredumps on 7186.
Yet the BASH maintainer says all holes are patched ? Or does he
consider 2014-7186 not a security issue ?
http://lists.gnu.org/archive/html/bug-bash/2014-09/msg00341.html
# bash ./bashcheck
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
./bashcheck: line 18: 19749 Segmentation fault (core dumped) bash
-c "true $(printf '<<EOF %.0s' {1..79})" 2> /dev/null
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Variable function parser inactive, likely safe from unknown parser bugs
#
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, [email protected]
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
