Date:      Mon, 29 Sep 2014 09:16:00 +0200
From:      Patrick Proniewski <patpro@patpro.net>
To:        Kuleshov Aleksey <rndfax@yandex.ru>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Bash ShellShock bug(s)
Message-ID:  <B5F07349-45ED-4B38-892A-2F7F4A25C085@patpro.net>
In-Reply-To: <2423691411974542@web12j.yandex.ru>
References:  <2423691411974542@web12j.yandex.ru>


On 29 sept. 2014, at 09:09, Kuleshov Aleksey <rndfax@yandex.ru> wrote:

> There is a repository https://github.com/hannob/bashcheck with a convenient script to check for vulnerabilities.
> 
> % sh bashcheck 
> Vulnerable to CVE-2014-6271 (original shellshock)
> Vulnerable to CVE-2014-7169 (taviso bug)
> Not vulnerable to CVE-2014-7186 (redir_stack bug)
> Vulnerable to CVE-2014-7187 (nessted loops off by one)
> Variable function parser still active, likely vulnerable to yet unknown parser bugs like CVE-2014-6277 (lcamtuf bug)
> 
> Does it mean that FreeBSD's sh is subject to such vulnerabilities?


No, it just means the script uses bash and your bash is vulnerable.


patpro
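
The distinction drawn in the reply above can be checked per interpreter. The script below is an added example, not part of the original message or of the bashcheck script; the names `probe_shell`, `shell_flavor` and `probe` are chosen here for illustration. It runs the CVE-2014-6271 check (a command trailing a function definition in an environment variable is executed at startup by an affected bash) against each shell named explicitly, instead of whichever shell a wrapper script happens to call.

```shell
#!/bin/sh
# Added example: test each interpreter by name, so a result for bash
# is never mistaken for a result for /bin/sh.

# probe_shell PATH -> prints "vulnerable", "not vulnerable" or "missing"
probe_shell() {
    shell_path=$1
    if ! command -v "$shell_path" >/dev/null 2>&1; then
        echo "missing"
        return 0
    fi
    # The variable holds a function definition followed by a trailing
    # command. An affected bash runs that trailing command while it
    # imports the environment; other shells treat it as a plain string.
    out=$(env probe='() { :;}; echo IMPORTED' "$shell_path" -c ':' 2>/dev/null) || true
    case $out in
        *IMPORTED*) echo "vulnerable" ;;
        *)          echo "not vulnerable" ;;
    esac
}

# shell_flavor PATH -> prints "bash <version>" if the interpreter is
# bash (even when installed under the name sh), otherwise "not bash"
shell_flavor() {
    ver=$("$1" -c 'echo "${BASH_VERSION:-}"' 2>/dev/null) || true
    if [ -n "$ver" ]; then
        echo "bash $ver"
    else
        echo "not bash"
    fi
}

# Report both facts for the system shell and for bash separately.
for s in /bin/sh bash; do
    result=$(probe_shell "$s")
    if [ "$result" = "missing" ]; then
        printf '%s: not installed\n' "$s"
    else
        printf '%s: %s (%s)\n' "$s" "$result" "$(shell_flavor "$s")"
    fi
done
```

On a system where `/bin/sh` is not bash, the first line reports "not bash" and "not vulnerable" regardless of what the second line says about the installed bash.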
