Bash ShellShock bug(s)
Patrick Proniewski
patpro at patpro.net
Mon Sep 29 07:55:12 UTC 2014
(cc ehaupt@ about the core dump of latest bash port)
On 29 sept. 2014, at 09:34, Кулешов Алексей <rndfax at yandex.ru> wrote:
> Right. Okay then, here it is:
>
> # pkg remove bash
> ... change 'bash' to 'sh' in bashcheck ...
> # sh bashcheck
> Not vulnerable to CVE-2014-6271 (original shellshock)
> Not vulnerable to CVE-2014-7169 (taviso bug)
> Not vulnerable to CVE-2014-7186 (redir_stack bug)
> Vulnerable to CVE-2014-7187 (nessted loops off by one)
> Variable function parser inactive, likely safe from unknown parser bugs
>
> So, there is no bash on my system anymore, but the script says it has one vulnerability.
> Is it actually a vulnerability, or is it me who must take a good sleep? :)
This is odd. As far as I know, no one reported sh as being vulnerable to CVE-2014-7187. But maybe it's only on FreeBSD... I don't have an answer to that.
Side note about bashcheck on a patched bash (latest bash available in ports): it yields a core dump.
$ bash --version
GNU bash, version 4.3.27(0)-release (amd64-portbld-freebsd8.4)
--------
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
/tmp/bashtest: line 18: 37449 Segmentation fault: 11 (core dumped) bash -c "true $(printf '<<EOF %.0s' {1..79})" 2> /dev/null
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Variable function parser inactive, likely safe from unknown parser bugs
--------