oss-sec mailing list archives

Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability)

From: Chet Ramey <chet.ramey () case edu>
Date: Mon, 29 Sep 2014 09:07:01 -0400

On 9/29/14, 8:55 AM, Giles Coochey wrote:

On 29/09/2014 12:17, Loganaden Velvindron wrote:

HI Chet, As you are aware, a sixth security issue has been discovered.
Due to the nature of the vulnerability, I believe that it's best to break
backward compatibility as done by FreeBSD and NetBSD until a proper patch
is developed. We are lucky to have security researchers reporting their
findings publicly. What about others that don't ? I strongly believe that
it's much safer to have it disabled, and have a complete and
comprehensive audit of the source code, and then re-enable it.


Am I the only one who is wondering: Who is paying Chet to do this?


Nobody is paying me to do this.

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet () case edu    http://cnswww.cns.cwru.edu/~chet/

Current thread:

Re: Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability), (continued)
- - - Re: Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Loganaden Velvindron (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Giles Coochey (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Michal Zalewski (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Michal Zalewski (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Osmond Sun (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Kobrin, Eric (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Osmond Sun (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Giles Coochey (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Giles Coochey (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Ed Prevost (Sep 29)
    - RE: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Sona Sarmadi (Sep 29)
    - Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Ramon de C Valle (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Loganaden Velvindron (Sep 27)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 27)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Christos Zoulas (Sep 27)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Loganaden Velvindron (Sep 27)
  - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Guido Berhoerster (Sep 26)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Mark R Bannister (Sep 26)

(Thread continues...)