oss-sec mailing list archives

Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278)


From: Solar Designer <solar () openwall com>
Date: Thu, 2 Oct 2014 11:22:10 +0400

Sona - Chet is not on oss-security, we should be CC'ing him on relevant
messages.  I've just added the CC on this one.

On Thu, Oct 02, 2014 at 06:48:54AM +0000, Sona Sarmadi wrote:
> On 10/1/14, 5:04 PM, Shawn wrote:
> http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-028
>
> Nope, this one fixes 7168/7169.  It's the equivalent of the `parser-oob' patch.
>
> Chet, is 7168 a new vulnerability, or is it a typo and should be CVE-2014-7186?
> Doesn't bash43-026 fix CVE-2014-7169?
>
> Is this summary correct?
>
> 1) CVE-2014-6271 (Initial vulnerability, Bash Code Injection Vulnerability via Specially Crafted Environment Variables): GNU fix bash43-025 & bash32-052
>
> 2) CVE-2014-7169 (Further parser error, this was assigned to cover incomplete fix for CVE-2014-6271): GNU fix bash43-026 & bash32-053
>
> 3) CVE-2014-6277 (this is the hardening patch which adds function name mangling, it makes exploitation over the network impossible): Florian's patch / GNU fix bash43-027 & bash32-054
>
> 4) CVE-2014-6278 (bash: code execution via specially crafted environment): Florian's patch / GNU fix bash43-027 & bash32-054
>
> 5) CVE-2014-7186 (Out of bound memory read error in redir_stack): GNU fix bash43-028 ??
>
> 6) CVE-2014-7187 (Off-by-one error in nested loops): No upstream patch available yet?
>
> Thanks
> -- Sona

