Date: Tue, 30 Sep 2014 18:00:31 -0400 From: Mike Tancsa <mike@sentex.net> To: Charles Swiger <cswiger@mac.com>, Bryan Drewery <bdrewery@FreeBSD.org> Cc: freebsd-security <freebsd-security@FreeBSD.org>, freebsd-ports <freebsd-ports@FreeBSD.org>, Jung-uk Kim <jkim@FreeBSD.org> Subject: Re: bash velnerability Message-ID: <542B27FF.10204@sentex.net> In-Reply-To: <CC9931CC-6BEA-4416-9546-42D6E49C1129@mac.com> References: <CAHFU5H5WOnAXuFmfQEGkTvwoECATTCC3eKYE3yts%2BBqh1M_8ww@mail.gmail.com> <00000148ab969845-5940abcc-bb88-4111-8f7f-8671b0d0300b-000000@us-west-2.amazonses.com> <54243F0F.6070904@FreeBSD.org> <54244982.8010002@FreeBSD.org> <16EB2C50-FBBA-4797-83B0-FB340A737238@circl.lu> <542596E3.3070707@FreeBSD.org> <CAHcXP%2Bdx2etYgQPNiAxk2P68Z-4j%2BbTvdMoHfz%2BxKsBDKh9Z9g@mail.gmail.com> <5425999A.3070405@FreeBSD.org> <5425A548.9090306@FreeBSD.org> <5425D427.8090309@FreeBSD.org> <54298266.1090201@sentex.net> <5429851B.8060500@FreeBSD.org> <542AFC54.9010405@FreeBSD.org> <542B087D.3040903@FreeBSD.org> <CC9931CC-6BEA-4416-9546-42D6E49C1129@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 9/30/2014 5:25 PM, Charles Swiger wrote:
> bash-3.2$ echo "Testing Exploit 4 (CVE-2014-7186)"
> Testing Exploit 4 (CVE-2014-7186)
> bash-3.2$ CVE7186="$(bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null ||echo -n V)"
> bash-3.2$ [ "${CVE7186}" == "V" ] && echo "VULNERABLE" || echo "NOT VULNERABLE"
> NOT VULNERABLE
>
> This being said, I'm not confident that there won't be further issues found with bash....
>
What are people using to check these issues ? I was using
https://github.com/hannob/bashcheck
Not sure if that gives false positives ? Even on linux with all patches
applied, it coredumps on 7186.
Yet the BASH maintainer says all holes are patched ? Or does he
consider 2014-7186 not a security issue ?
http://lists.gnu.org/archive/html/bug-bash/2014-09/msg00341.html
# bash ./bashcheck
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
./bashcheck: line 18: 19749 Segmentation fault (core dumped) bash
-c "true $(printf '<<EOF %.0s' {1..79})" 2> /dev/null
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Variable function parser inactive, likely safe from unknown parser bugs
#
--
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike@sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada http://www.tancsa.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?542B27FF.10204>