Date: Mon, 29 Sep 2014 09:55:09 +0200
From: Patrick Proniewski <patpro@patpro.net>
To: Кулешов Алексей <rndfax@yandex.ru>
Cc: "freebsd-security@freebsd.org FreeBSD-security" <freebsd-security@freebsd.org>, ehaupt@FreeBSD.org
Subject: Re: Bash ShellShock bug(s)
Message-ID: <7B489747-0FF8-4081-A001-7A510C3C6FA1@patpro.net>
In-Reply-To: <1771201411976082@web22o.yandex.ru>
References: <2423691411974542@web12j.yandex.ru> <B5F07349-45ED-4B38-892A-2F7F4A25C085@patpro.net> <1771201411976082@web22o.yandex.ru>
(cc ehaupt@ about the core dump of latest bash port)

On 29 Sept. 2014, at 09:34, Кулешов Алексей <rndfax@yandex.ru> wrote:

> Right. Okay then, here it is:
>
> # pkg remove bash
> ... change 'bash' to 'sh' in bashcheck ...
> # sh bashcheck
> Not vulnerable to CVE-2014-6271 (original shellshock)
> Not vulnerable to CVE-2014-7169 (taviso bug)
> Not vulnerable to CVE-2014-7186 (redir_stack bug)
> Vulnerable to CVE-2014-7187 (nessted loops off by one)
> Variable function parser inactive, likely safe from unknown parser bugs
>
> So, there is no bash on my system anymore, but the script says it has one vulnerability.
> Is it actually a vulnerability, or is it me who must take a good sleep? :)

This is odd. As far as I know, no one reported sh as being vulnerable to CVE-2014-7187. But maybe it's only on FreeBSD... I don't have an answer to that.

Side note about bashcheck on a patched bash (latest bash available in ports): it yields a core dump.

$ bash --version
GNU bash, version 4.3.27(0)-release (amd64-portbld-freebsd8.4)
--------
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
/tmp/bashtest: line 18: 37449 Segmentation fault: 11 (core dumped) bash -c "true $(printf '<<EOF %.0s' {1..79})" 2> /dev/null
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Variable function parser inactive, likely safe from unknown parser bugs
--------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7B489747-0FF8-4081-A001-7A510C3C6FA1>
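Added example, not from this thread and not the bashcheck script: a POSIX sh harness that runs the probes for CVE-2014-6271, CVE-2014-7169 and CVE-2014-7186 against whatever shell binary is passed as its argument, so it can be run from FreeBSD's sh without editing 'bash' to 'sh' inside the checker, and that reports a probe killed by a signal (as in the "Segmentation fault: 11" line above) with its signal number. One caveat it works around: the command shown in that crash line uses {1..79}, a bash-specific brace expansion that a plain POSIX sh leaves unexpanded, so printf would emit a single "<<EOF " rather than 79 and the redir_stack probe would test nothing. CVE-2014-7187 is deliberately left out, for the reason the script output itself gives (not reliable without an address sanitizer). The function names, and the use of env(1) and mktemp(1), are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not part of this thread, not the bashcheck script): probe a
# shell binary for CVE-2014-6271, CVE-2014-7169 and CVE-2014-7186 using only
# POSIX sh syntax, so the harness itself can run under FreeBSD's /bin/sh.
# Assumptions: the shell under test is passed as the first argument; env(1)
# and mktemp(1) exist. The function names are this example's own.

# Map a child's exit status to a verdict string. A status above 128 means
# the child was killed by a signal (128 + signo; 139 = SIGSEGV), which we
# report with the signal number instead of folding it into a yes/no answer.
classify_status() {
    if [ "$1" -gt 128 ]; then
        echo "crashed (signal $(( $1 - 128 )))"
    else
        echo "exited $1"
    fi
}

# Build "true <<EOF <<EOF ..." with $1 here-document redirections. The
# bashcheck command line uses {1..79}, a bash brace expansion; a POSIX sh
# hands printf the literal string "{1..79}" and a single "<<EOF " comes out,
# so the string is built with a loop here instead.
heredoc_probe_string() {
    n=$1
    s="true"
    while [ "$n" -gt 0 ]; do
        s="$s <<EOF"
        n=$((n - 1))
    done
    echo "$s"
}

# CVE-2014-6271: an exported variable holding a function definition with
# trailing commands; an unpatched bash runs the trailing "echo vulnerable"
# while importing its environment, before -c 'true' is even reached.
probe_cve_2014_6271() {
    out=$(env x='() { :;}; echo vulnerable' "$1" -c 'true' 2>/dev/null || true)
    case "$out" in
        *vulnerable*) echo "vulnerable" ;;
        *)            echo "not vulnerable" ;;
    esac
}

# CVE-2014-7169: the incomplete first fix still let a crafted definition
# leak a redirection into the next command, creating a file named "echo" in
# the working directory. Run it in a scratch directory and look for the file.
probe_cve_2014_7169() {
    dir=$(mktemp -d) || { echo "error: mktemp failed"; return 0; }
    ( cd "$dir" && env X='() { (a)=>\' "$1" -c 'echo date' >/dev/null 2>&1 ) || true
    if [ -e "$dir/echo" ]; then
        echo "vulnerable"
    else
        echo "not vulnerable"
    fi
    rm -rf "$dir"
}

# CVE-2014-7186: 79 here-documents overflow redir_stack in an unpatched bash
# and the shell dies, as in the "Segmentation fault: 11" line above. A fixed
# bash only warns about the unterminated here-documents and exits 0.
probe_cve_2014_7186() {
    if "$1" -c "$(heredoc_probe_string 79)" >/dev/null 2>&1; then
        status=0
    else
        status=$?
    fi
    verdict=$(classify_status "$status")
    case "$verdict" in
        crashed*) echo "vulnerable ($verdict)" ;;
        *)        echo "not vulnerable ($verdict)" ;;
    esac
}

run_all() {
    echo "CVE-2014-6271 (original shellshock): $(probe_cve_2014_6271 "$1")"
    echo "CVE-2014-7169 (taviso bug):          $(probe_cve_2014_7169 "$1")"
    echo "CVE-2014-7186 (redir_stack bug):     $(probe_cve_2014_7186 "$1")"
}

# Usage: sh shellprobe.sh /usr/local/bin/bash   (or /bin/sh, as in the thread)
if [ $# -eq 1 ]; then
    run_all "$1"
fi
```

Run it against the ports bash and against /bin/sh separately; because the shell under test is an argument rather than a hard-coded "bash", the harness itself never depends on the shell it is probing, and a crash of the probe is printed with its signal number so it cannot be confused with a clean exit.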