Date: Mon, 29 Sep 2014 09:16:00 +0200 From: Patrick Proniewski <patpro@patpro.net> To: Kuleshov Aleksey <rndfax@yandex.ru> Cc: freebsd-security@freebsd.org Subject: Re: Bash ShellShock bug(s) Message-ID: <B5F07349-45ED-4B38-892A-2F7F4A25C085@patpro.net> In-Reply-To: <2423691411974542@web12j.yandex.ru>
index | next in thread | previous in thread | raw e-mail
On 29 sept. 2014, at 09:09, Kuleshov Aleksey <rndfax@yandex.ru> wrote: > There is a repository https://github.com/hannob/bashcheck with convenient script to check for vulnerabilities. > > % sh bashcheck > Vulnerable to CVE-2014-6271 (original shellshock) > Vulnerable to CVE-2014-7169 (taviso bug) > Not vulnerable to CVE-2014-7186 (redir_stack bug) > Vulnerable to CVE-2014-7187 (nessted loops off by one) > Variable function parser still active, likely vulnerable to yet unknown parser bugs like CVE-2014-6277 (lcamtuf bug) > > Does it mean that FreeBSD's sh is subject to such vulnerabilities? No, it just means the script uses bash and your bash is vulnerable. patprohome | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B5F07349-45ED-4B38-892A-2F7F4A25C085>