Date: Mon, 29 Sep 2014 09:16:00 +0200 From: Patrick Proniewski <patpro@patpro.net> To: Kuleshov Aleksey <rndfax@yandex.ru> Cc: freebsd-security@freebsd.org Subject: Re: Bash ShellShock bug(s) Message-ID: <B5F07349-45ED-4B38-892A-2F7F4A25C085@patpro.net> In-Reply-To: <2423691411974542@web12j.yandex.ru> References: <2423691411974542@web12j.yandex.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
On 29 sept. 2014, at 09:09, Kuleshov Aleksey <rndfax@yandex.ru> wrote: > There is a repository https://github.com/hannob/bashcheck with = convenient script to check for vulnerabilities. >=20 > % sh bashcheck=20 > Vulnerable to CVE-2014-6271 (original shellshock) > Vulnerable to CVE-2014-7169 (taviso bug) > Not vulnerable to CVE-2014-7186 (redir_stack bug) > Vulnerable to CVE-2014-7187 (nessted loops off by one) > Variable function parser still active, likely vulnerable to yet = unknown parser bugs like CVE-2014-6277 (lcamtuf bug) >=20 > Does it mean that FreeBSD's sh is subject to such vulnerabilities? No, it just means the script uses bash and your bash is vulnerable. patpro=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?B5F07349-45ED-4B38-892A-2F7F4A25C085>