Awesome - Thanks everyone for the help! I will forward these responses
on to the security group. But again, Thank you everyone!!!
-Dave
On 10/17/14, Andreas Schwab wrote:
> Eric Blake writes:
>
>> The following is a better test for whether CVE-2014-7187 can be
>> exploited to remotely attack yo
Eric Blake writes:
> The following is a better test for whether CVE-2014-7187 can be
> exploited to remotely attack your system:
>
> f='() { echo vulnerable; } bash -c f
Missing quote character.
f='() { echo vulnerable; }' bash -c f
Andreas.
--
Andreas Schwab, sch...@linux-m68k.org
GPG Key f
On 10/17/2014 08:18 AM, Greg Wooledge wrote:
> On Fri, Oct 17, 2014 at 10:10:36AM -0400, Dave Kalaluhi wrote:
>> Locally we are using:
>>
>> (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in
>> {1..200} ; do echo done ; done) | bash ||
>> echo "CVE-2014-7187 vulnerable, word_lineno"
On Fri, Oct 17, 2014 at 10:10:36AM -0400, Dave Kalaluhi wrote:
> Locally we are using:
>
> (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in
> {1..200} ; do echo done ; done) | bash ||
> echo "CVE-2014-7187 vulnerable, word_lineno"
As mentioned in previous emails on this topic, tha
I guess that would help. I meant to include that in the initial mail,
but alas, running in 50K directions.
Locally we are using:
(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in
{1..200} ; do echo done ; done) | bash ||
echo "CVE-2014-7187 vulnerable, word_lineno"
If we run the t
On 10/16/2014 03:02 PM, Dave Kalaluhi wrote:
> We have been compiling some of the older versions of bash to fix
> vulnerabilities, and for the most, has been working.
>
> However, when we patch the 013 patch for CVE-2014-7187, and run the
> nested loop, it's still showing as vulnerable.
Exactly H
On 10/16/14, 5:02 PM, Dave Kalaluhi wrote:
> We have been compiling some of the older versions of bash to fix
> vulnerabilities, and for the most, has been working.
>
> However, when we patch the 013 patch for CVE-2014-7187, and run the
> nested loop, it's still showing as vulnerable.
>
> Has any
