oss-sec mailing list archives

Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability)

From: Ed Prevost <me () edwardprevost info>
Date: Mon, 29 Sep 2014 06:41:41 -0700

On 9/29/2014 6:07 AM, Chet Ramey wrote:

On 9/29/14, 8:55 AM, Giles Coochey wrote:

On 29/09/2014 12:17, Loganaden Velvindron wrote:

HI Chet, As you are aware, a sixth security issue has been discovered.
Due to the nature of the vulnerability, I believe that it's best to break
backward compatibility as done by FreeBSD and NetBSD until a proper patch
is developed. We are lucky to have security researchers reporting their
findings publicly. What about others that don't ? I strongly believe that
it's much safer to have it disabled, and have a complete and
comprehensive audit of the source code, and then re-enable it.

Am I the only one who is wondering: Who is paying Chet to do this?

Nobody is paying me to do this.

I have been praying for you since Wed, watching this list has made me
empathize for you greatly. Any chance you have a bitcoin or other
donations link somewhere?

Current thread:

Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability), (continued)
- - - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Michal Zalewski (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Michal Zalewski (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Osmond Sun (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Kobrin, Eric (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Osmond Sun (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Giles Coochey (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Giles Coochey (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Ed Prevost (Sep 29)
    - RE: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Sona Sarmadi (Sep 29)
    - Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Ramon de C Valle (Sep 29)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Loganaden Velvindron (Sep 27)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Chet Ramey (Sep 27)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Christos Zoulas (Sep 27)
    - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Loganaden Velvindron (Sep 27)
  - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Guido Berhoerster (Sep 26)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Mark R Bannister (Sep 26)
- Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Simon McVittie (Sep 26)
  - Re: Re: CVE-2014-6271: remote code execution through bash (3rd vulnerability) Rich Felker (Sep 26)

(Thread continues...)