Date: Tue, 30 Sep 2014 16:48:17 -0500 From: Jason Hellenthal <jhellenthal@dataix.net> To: Charles Swiger <cswiger@mac.com> Cc: freebsd-security <freebsd-security@freebsd.org>, Jung-uk Kim <jkim@FreeBSD.org>, freebsd-ports <freebsd-ports@freebsd.org>, Bryan Drewery <bdrewery@FreeBSD.org> Subject: Re: bash velnerability Message-ID: <915DA264-1022-441B-93DE-229739A861B3@dataix.net> In-Reply-To: <CC9931CC-6BEA-4416-9546-42D6E49C1129@mac.com> References: <CAHFU5H5WOnAXuFmfQEGkTvwoECATTCC3eKYE3yts%2BBqh1M_8ww@mail.gmail.com> <00000148ab969845-5940abcc-bb88-4111-8f7f-8671b0d0300b-000000@us-west-2.amazonses.com> <54243F0F.6070904@FreeBSD.org> <54244982.8010002@FreeBSD.org> <16EB2C50-FBBA-4797-83B0-FB340A737238@circl.lu> <542596E3.3070707@FreeBSD.org> <CAHcXP%2Bdx2etYgQPNiAxk2P68Z-4j%2BbTvdMoHfz%2BxKsBDKh9Z9g@mail.gmail.com> <5425999A.3070405@FreeBSD.org> <5425A548.9090306@FreeBSD.org> <5425D427.8090309@FreeBSD.org> <54298266.1090201@sentex.net> <5429851B.8060500@FreeBSD.org> <542AFC54.9010405@FreeBSD.org> <542B087D.3040903@FreeBSD.org> <CC9931CC-6BEA-4416-9546-42D6E49C1129@mac.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I would agree with that. Considering the korn shell was found out to be =
importing functions from bash this morning that it does not completely =
know how to interpret goes to say that there is a much bigger issue at =
face here than the mere sys admins can begin to fathom quite yet.
There is still more to come from this. We may not see the end of it for =
the next 10 years.
But also to state bash 4.3.27 on 10-RELEASE-p9 reports as not vulnerable =
to the five known CVEs right now but that same shell compiled on a =
9.1-RELEASE system is still vulnerable to the last two CVEs =85 That =
said this is deep just when you think you have it conquered.
On Sep 30, 2014, at 16:25, Charles Swiger <cswiger@mac.com> wrote:
> On Sep 30, 2014, at 12:46 PM, Bryan Drewery <bdrewery@FreeBSD.org> =
wrote:
> [ ... ]
>> I even saw a reddit post last night complaining that OSX had updated
>> bash only to leave it "still vulnerable" because of the redir_stack =
issue.
>=20
> It doesn't seem to be?
>=20
> bash-3.2$ bash --version
> GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
> Copyright (C) 2007 Free Software Foundation, Inc.
>=20
> bash-3.2$ echo "Testing Exploit 4 (CVE-2014-7186)"
> Testing Exploit 4 (CVE-2014-7186)
> bash-3.2$ CVE7186=3D"$(bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF =
<<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null =
||echo -n V)"
> bash-3.2$ [ "${CVE7186}" =3D=3D "V" ] && echo "VULNERABLE" || echo =
"NOT VULNERABLE"
> NOT VULNERABLE
>=20
> This being said, I'm not confident that there won't be further issues =
found with bash....
>=20
> Regards,
> --=20
> -Chuck
>=20
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to =
"freebsd-security-unsubscribe@freebsd.org"
--=20
Jason Hellenthal
Mobile: +1 (616) 953-0176
jhellenthal@DataIX.net
JJH48-ARIN
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?915DA264-1022-441B-93DE-229739A861B3>