bash velnerability
Jung-uk Kim
jkim at FreeBSD.org
Tue Sep 30 22:08:05 UTC 2014
On 2014-09-30 18:00:31 -0400, Mike Tancsa wrote:
> On 9/30/2014 5:25 PM, Charles Swiger wrote:
>> bash-3.2$ echo "Testing Exploit 4 (CVE-2014-7186)"
>> Testing Exploit 4 (CVE-2014-7186)
>> bash-3.2$ CVE7186="$(bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF
>> <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null ||echo -n
>> V)"
>> bash-3.2$ [ "${CVE7186}" == "V" ] && echo "VULNERABLE" || echo "NOT
>> VULNERABLE"
>> NOT VULNERABLE
>>
>> This being said, I'm not confident that there won't be further issues
>> found with bash....
>>
>
> What are people using to check these issues ? I was using
>
> https://github.com/hannob/bashcheck
>
> Not sure if that gives false positives ?
...
Yes, it seems it does.
https://github.com/hannob/bashcheck/commit/5b611b36
Jung-uk Kim
More information about the freebsd-security
mailing list