Full Disclosure mailing list archives
Re: the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
From: Michael Bazzinotti <mbazzinotti () gmail com>
Date: Sat, 4 Oct 2014 03:48:52 -0400
In reference to Michal Zalewski's detailed post:

> Perhaps notably, the ability to specify attacker-controlled addresses hinges on the state of --enable-bash-malloc and --enable-mem-scramble

The correct ./configure argument for bash-malloc is --with-bash-malloc. Just wanted to point that out. I learned this from going to compile bash myself with these flags just now. :)

> compile-time flags; if both are enabled, the memory returned by xmalloc() will be initialized to 0xdf, making the prospect of exploitation more speculative (essentially depending on whether the stack or any other memory region can be grown to overlap with 0xdfdfdfdf)

Cheers,
--
*****************************
Michael Bazzinotti
University of Massachusetts Boston
bazz () cs umb edu
http://www.bazz1.com
_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
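
The fill behaviour described in the quoted text, as an added illustration that is not code from bash or from either poster: a hypothetical `scramble_xmalloc()` fills each allocation with 0xdf, so a pointer field the caller forgets to set reads back as the repeated-0xdf pattern. All function and struct names are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SCRAMBLE_BYTE 0xdf /* fill value named in the quoted text */

/* Hypothetical stand-in for an allocator built with memory scrambling:
   every fresh block is filled with SCRAMBLE_BYTE before it is returned. */
static void *scramble_xmalloc(size_t n)
{
    void *p = malloc(n);
    if (p == NULL)
        abort();
    memset(p, SCRAMBLE_BYTE, n);
    return p;
}

/* Constructed record whose 'next' field the caller forgets to set. */
struct node { int kind; struct node *next; };

/* Bytes of the forgotten pointer field, read without dereferencing it.
   Assumes sizeof(uintptr_t) == sizeof(void *), true on mainstream ABIs. */
uintptr_t stale_pointer_value(void)
{
    struct node *n = scramble_xmalloc(sizeof *n);
    uintptr_t v = 0;
    n->kind = 1; /* 'next' is never written */
    memcpy(&v, &n->next, sizeof v);
    free(n);
    return v;
}

/* Pointer-sized value made only of fill bytes (0xdfdfdfdf on 32-bit). */
uintptr_t scramble_pattern(void)
{
    uintptr_t v;
    memset(&v, SCRAMBLE_BYTE, sizeof v);
    return v;
}

/* Triage helper: does an address consist solely of the fill byte? */
int looks_scrambled(uintptr_t addr)
{
    return addr == scramble_pattern();
}

int main(void)
{
    uintptr_t v = stale_pointer_value();
    printf("forgotten pointer field reads as 0x%llx (%s)\n",
           (unsigned long long)v, looks_scrambled(v) ? "fill pattern" : "other");
    return 0;
}
```

With such a fill in place, an address made entirely of 0xdf bytes in a crash report indicates a read of heap memory that was never initialised.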