oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code

From: Michal Zalewski <lcamtuf () coredump cx>
Date: Sun, 5 Oct 2014 00:33:40 -0700
< https://github.com/mubix/shellshocker-pocs >


I mentioned this earlier on another thread, but I would really warn
people about relying on this unless they really understand what's
going on.

At a quick glance, CVE-2014-6271 and CVE-2014-7169 test cases will
stop working with Florian's patch (probably fine, since even if you
don't have patches for these bugs, you're at almost no risk). At the
same time, the test case for CVE-2014-7186 will claim that you're
vulnerable even with Florian's patch. Next, the test case for and
CVE-2014-7187 will probably always claim that you're vulnerable, even
if you have the patch installed (haven't tested, but looks that way).
And finally, the test cases for CVE-2014-6277 and CVE-2014-6278 are
incomplete and won't work if pasted as-is - you'll just get a syntax
error.

/mz
Previous By Date Next
Previous By Thread Next

Current thread: