Bash ShellShock bug(s)
Kuleshov Aleksey
rndfax at yandex.ru
Mon Sep 29 07:09:17 UTC 2014
There is a repository https://github.com/hannob/bashcheck with convenient script to check for vulnerabilities.
% sh bashcheck
Vulnerable to CVE-2014-6271 (original shellshock)
Vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Vulnerable to CVE-2014-7187 (nessted loops off by one)
Variable function parser still active, likely vulnerable to yet unknown parser bugs like CVE-2014-6277 (lcamtuf bug)
Does it mean that FreeBSD's sh is subject to such vulnerabilities?
More information about the freebsd-security
mailing list