From owner-freebsd-security@FreeBSD.ORG Mon Sep 29 07:55:12 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 1DDCB1B9; Mon, 29 Sep 2014 07:55:12 +0000 (UTC) Received: from rack.patpro.net (rack.patpro.net [193.30.227.216]) by mx1.freebsd.org (Postfix) with ESMTP id D6FD1F3E; Mon, 29 Sep 2014 07:55:11 +0000 (UTC) Received: from patpro.univ-lyon2.fr (patpro.univ-lyon2.fr [159.84.113.250]) by rack.patpro.net (Postfix) with ESMTPSA id 857C85AF; Mon, 29 Sep 2014 09:55:10 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=patpro.net; s=patpro; t=1411977311; bh=qJckMWu+Uoca48bxr+mGSklp+Yv4hZy1lAS1rlC/7xs=; h=Subject:From:In-Reply-To:Date:Cc:References:To; b=bNW5+NreDRd9QYNVea7C5yuf3tCrGtto4CitYQHoAQrGLMsXrbD96/9+2fwhTUd9E FPj833RONMFW7HHxSEe0jyxE5zC5wsTw3H5tCdmLB6/oQwg70nPES5tHT7YARhQ258 5i1WW8qnnk+j/GAaZJtfBtM69sriqXUD4AbXSlEI= Content-Type: text/plain; charset=koi8-r Mime-Version: 1.0 (Mac OS X Mail 6.6 \(1510\)) Subject: Re: Bash ShellShock bug(s) From: Patrick Proniewski In-Reply-To: <1771201411976082@web22o.yandex.ru> Date: Mon, 29 Sep 2014 09:55:09 +0200 Content-Transfer-Encoding: quoted-printable Message-Id: <7B489747-0FF8-4081-A001-7A510C3C6FA1@patpro.net> References: <2423691411974542@web12j.yandex.ru> <1771201411976082@web22o.yandex.ru> To: =?koi8-r?B?69XMxdvP1yDhzMXL08XK?= X-Mailer: Apple Mail (2.1510) Cc: "freebsd-security@freebsd.org FreeBSD-security" , ehaupt@FreeBSD.org X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 29 Sep 2014 07:55:12 -0000 (cc ehaupt@ about the core dump of latest bash port) On 29 sept. 2014, at 09:34, =EB=D5=CC=C5=DB=CF=D7 =E1=CC=C5=CB=D3=C5=CA = wrote: > Right. Okay then, here it is: >=20 > # pkg remove bash > ... change 'bash' to 'sh' in bashcheck ... > # sh bashcheck > Not vulnerable to CVE-2014-6271 (original shellshock) > Not vulnerable to CVE-2014-7169 (taviso bug) > Not vulnerable to CVE-2014-7186 (redir_stack bug) > Vulnerable to CVE-2014-7187 (nessted loops off by one) > Variable function parser inactive, likely safe from unknown parser = bugs >=20 > So, there is no bash on my system anymore, but script says it has one = vulnerability. > Is it actually vulnerability or it's me who must take a good sleep? :) This is odd. As far as I know, no one reported sh as being vulnerable to = CVE-2014-7187. But may be it's only on FreeBSD... I don't have an answer = to that. Side note about bashcheck on a patched bash (latest bash available in = ports): it yields to a core dump. $ bash --version GNU bash, version 4.3.27(0)-release (amd64-portbld-freebsd8.4) -------- Not vulnerable to CVE-2014-6271 (original shellshock) Not vulnerable to CVE-2014-7169 (taviso bug) /tmp/bashtest: line 18: 37449 Segmentation fault: 11 (core dumped) bash = -c "true $(printf '< /dev/null Vulnerable to CVE-2014-7186 (redir_stack bug) Test for CVE-2014-7187 not reliable without address sanitizer Variable function parser inactive, likely safe from unknown parser bugs --------=