oss-sec mailing list archives

Re: CVE-2014-6271: remote code execution through bash

From: Chet Ramey <chet.ramey () case edu>
Date: Wed, 24 Sep 2014 16:00:49 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 9/24/14, 3:12 PM, mancha wrote:

Hello Chet et al.

While taking a closer look at this issue on Bash 4.2, I noticed a
potential NULL deref. i.e.

  $ FOO='() { :;}; blah4242' bash -c "echo bleh"

This occurs in bgp_prune() where, because bgpids.npid=0 and
js_c_childmax=-1, the code in the loop executes but bgpids.list=NULL.


Thanks for the report.  This is a problem, but the patch closes off
that code path.

Chet

- -- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet () case edu    http://cnswww.cns.cwru.edu/~chet/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)

iEYEARECAAYFAlQjIvAACgkQu1hp8GTqdKulqgCeKgb8enVUZMM9qQgmCAEgjpg0
C2QAnRGtrZb9Uh9kMTAiDvtI9E6U5BSp
=Fxrx
-----END PGP SIGNATURE-----

Current thread:

Re: CVE-2014-6271: remote code execution through bash, (continued)
- - - Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
- Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
  - Re: CVE-2014-6271: remote code execution through bash Henri Salo (Sep 24)
  - Re: CVE-2014-6271: remote code execution through bash Alexander E. Patrakov (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash gremlin (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Tim (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Rich Felker (Sep 25)
  - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash mancha (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Solar Designer (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 25)
    - Re: CVE-2014-6271: remote code execution through bash Alan J. Wylie (Sep 26)
  - Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Hanno Böck (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Florian Weimer (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Pierre Schweitzer (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash gremlin (Sep 24)
    - Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 24)

(Thread continues...)