Bash ShellShock bug(s)
Patrick Proniewski
patpro at patpro.net
Mon Sep 29 07:25:39 UTC 2014
On 29 sept. 2014, at 09:09, Kuleshov Aleksey <rndfax at yandex.ru> wrote:
> There is a repository https://github.com/hannob/bashcheck with a convenient script to check for vulnerabilities.
>
> % sh bashcheck
> Vulnerable to CVE-2014-6271 (original shellshock)
> Vulnerable to CVE-2014-7169 (taviso bug)
> Not vulnerable to CVE-2014-7186 (redir_stack bug)
> Vulnerable to CVE-2014-7187 (nessted loops off by one)
> Variable function parser still active, likely vulnerable to yet unknown parser bugs like CVE-2014-6277 (lcamtuf bug)
>
> Does it mean that FreeBSD's sh is subject to such vulnerabilities?
No, it just means the script uses bash and your bash is vulnerable.
patpro
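To illustrate the reply above, here is an added example (not part of the original thread, and not code from bashcheck): a small sh script that lists which shell binaries a check script actually starts, regardless of the interpreter it is run with. The function names and the embedded sample checker are hypothetical and constructed for this illustration.

```sh
#!/bin/sh
# Added example (not from the thread): which shells does a check script exercise?
# "sh script" chooses only the interpreter of the script itself; every
# "<shell> -c ..." inside it still runs that other shell binary.

# Print the interpreter named on the shebang line (ignored under "sh script").
shebang_shell() {
    sed -n '1s|^#![[:space:]]*\([^[:space:]]*\).*|\1|p' "$1"
}

# Print each distinct shell the script starts as "<shell> -c".
invoked_shells() {
    # Drop comment lines, split into words, keep shell names followed by -c.
    grep -v '^[[:space:]]*#' "$1" |
    tr -s '[:space:];|&()' '\n' |
    awk 'prev ~ /^(.*\/)?(ba|da|k|z|c|tc)?sh$/ && $0 == "-c" { print prev }
         { prev = $0 }' |
    sort -u
}

# Write a constructed sample checker (hypothetical, not bashcheck itself).
make_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# constructed sample: probes bash no matter which shell interprets this file
r=$(bash -c 'echo probe' 2>/dev/null)
[ "$r" = probe ] && echo "bash answered"
EOF
}

# Summarise both findings for one script file.
report() {
    echo "shebang: $(shebang_shell "$1")"
    echo "shells actually tested: $(invoked_shells "$1" | tr '\n' ' ')"
}

sample=$(mktemp)
make_sample "$sample"
report "$sample"
rm -f "$sample"
```

If the second line of the report names bash, the verdicts printed by such a checker describe the installed bash, not the shell used to launch the checker.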
More information about the freebsd-security mailing list