------- Comment From cha...@us.ibm.com 2014-10-16 16:19 EDT------- Verified the Bug. The issues are fixed.
-- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bash in Ubuntu. https://bugs.launchpad.net/bugs/1378114 Title: Ubuntu 14.10 bash is still vulnerable to CVE-2014-6277 and CVE-2014-7186. Status in “bash” package in Ubuntu: Confirmed Bug description: ---Problem Description--- Ubuntu 14.10 bash still vulnerable to CVE-2014-6277 and CVE-2014-7186. ---uname output--- manu@ubuntu:~$ uname -a Linux ubuntu 3.16.0-20-generic #27-Ubuntu SMP Wed Oct 1 17:24:38 UTC 2014 ppc64le ppc64le ppc64le GNU/Linux Machine Type = 8284-22A ---Steps to Reproduce--- Ubuntu 14.10 bash still vulnerable to CVE-2014-6277 and CVE-2014-7186. 1. install Oct 5 ppc64le ubuntu 14.10 ISO image. 2. upgrade to latest bash. manu@ubuntu:~$ sudo apt-get update; apt-get install --only-upgrade bash manu@ubuntu:~$ bash --version GNU bash, version 4.3.27(1)-release (powerpc64le-unknown-linux-gnu) Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. 3. run the shellshocker.net tests to see if the bash is still vulnerable. manu@ubuntu:~$ curl https://shellshocker.net/shellshock_test.sh | bash % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 2533 100 2533 0 0 3675 0 --:--:-- --:--:-- --:--:-- 3671 CVE-2014-6271 (original shellshock): not vulnerable bash: line 16: 14233 Segmentation fault bash -c "f() { x() { _;}; x() { _;} <<a; }" 2> /dev/null CVE-2014-6277 (segfault): VULNERABLE CVE-2014-6278 (Florian's patch): not vulnerable CVE-2014-7169 (taviso bug): not vulnerable bash: line 49: 14250 Segmentation fault bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2> /dev/null CVE-2014-7186 (redir_stack bug): VULNERABLE CVE-2014-7187 (nested loops off by one): not vulnerable CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable based on the test suite results, CVE-2014-6277 and CVE-2014-7186 are still vulnerable on Ubuntu 14.10. Other similar tests in these areas which still fails: 1. manu@ubuntu:~$ bash -c "f(){ x(){ _;};x(){ _;}<<a;}" Segmentation fault 2. manu@ubuntu:/tmp$ bash -c ':<<a<<b<<c<<d<<e<<f<<g<<h<<i<<j<<k<<l<<m<<n' Segmentation fault 3. manu@ubuntu:/tmp$ bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack" Segmentation fault CVE-2014-7186 vulnerable, redir_stack 4. manu@ubuntu:~$ bash -c "f() { x() { _;}; x() { _;} <<a; }" 2>/dev/null || echo vulnerable Segmentation fault vulnerable To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1378114/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
