Full Disclosure mailing list archives

Re: the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)


From: Michael Bazzinotti <mbazzinotti () gmail com>
Date: Sat, 4 Oct 2014 03:48:52 -0400

In reference to Michal Zalewski's detailed post:
> Perhaps notably, the ability to specify attacker-controlled addresses
> hinges on the state of --enable-bash-malloc and --enable-mem-scramble

The correct ./configure argument for bash-malloc is --with-bash-malloc.
Just wanted to point that out. I learned this from going to compile bash
myself with these flags just now. :)

> compile-time flags; if both are enabled, the memory returned by
> xmalloc() will be initialized to 0xdf, making the prospect of
> exploitation more speculative (essentially depending on whether the
> stack or any other memory region can be grown to overlap with
> 0xdfdfdfdf)

Cheers,
-- 
*****************************
Michael Bazzinotti
University of Massachusetts Boston
bazz () cs umb edu
http://www.bazz1.com

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
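
The following is an added illustration, not code from this post or from bash: it shows why a fill byte of 0xdf turns a never-assigned pointer field into a recognizable 0xdf... address, and how a crash-triage check can spot that pattern. `scramble_malloc`, `struct node` and `is_scramble_pattern` are hypothetical names, and the allocator is a plain `malloc` wrapper standing in for a scrambling build.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SCRAMBLE_BYTE 0xdf   /* fill value named in the quoted post */

/* Hypothetical stand-in for an allocator built with memory scrambling:
 * every fresh block is filled with a fixed non-zero byte. */
static void *scramble_malloc(size_t n)
{
    void *p = malloc(n);
    if (p != NULL)
        memset(p, SCRAMBLE_BYTE, n);
    return p;
}

/* Constructed sample object; the "bug" is that next is never assigned. */
struct node {
    int kind;
    void *next;
};

/* Return the raw bits held by the never-assigned pointer field. */
static uintptr_t stale_pointer_bits(void)
{
    struct node *n = scramble_malloc(sizeof *n);
    uintptr_t bits = 0;
    if (n == NULL)
        return 0;
    n->kind = 1;                          /* next deliberately left unset */
    memcpy(&bits, &n->next, sizeof n->next);
    free(n);
    return bits;
}

/* Triage helper: is a faulting address made up only of the fill byte? */
static int is_scramble_pattern(uintptr_t addr)
{
    for (size_t i = 0; i < sizeof addr; i++)
        if (((addr >> (8 * i)) & 0xff) != SCRAMBLE_BYTE)
            return 0;
    return 1;
}

int main(void)
{
    uintptr_t bits = stale_pointer_bits();
    printf("stale pointer = 0x%llx, scramble pattern: %s\n",
           (unsigned long long)bits, is_scramble_pattern(bits) ? "yes" : "no");
    return 0;
}
```

On a 32-bit build the stale pointer reads as 0xdfdfdfdf, the value in the quoted text; on a 64-bit build it is eight 0xdf bytes.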
