oss-sec mailing list archives
Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278)
From: Shawn <citypw () gmail com>
Date: Thu, 2 Oct 2014 10:57:57 +0800
On Thu, Oct 2, 2014 at 5:45 AM, Ed Prevost <me () edwardprevost info> wrote:
> On 10/1/2014 2:11 PM, Shawn wrote:
>> On Thu, Oct 2, 2014 at 5:08 AM, Chet Ramey <chet.ramey () case edu> wrote:
>>> On 10/1/14, 5:04 PM, Shawn wrote:
>>>> http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-028
>>>
>>> Nope, this one fixes 7168/7169. It's the equivalent of the `parser-oob'
>>> patch. I have patches that fix 6277/6278 that are in the pipeline.
>>
>> oh, s0rry for the mistake... that'd be great if we can get the patch as
>> quickly as possible. Thanks.
>>
>>> --
>>> ``The lyf so short, the craft so long to lerne.'' - Chaucer
>>> ``Ars longa, vita brevis'' - Hippocrates
>>> Chet Ramey, ITS, CWRU chet () case edu http://cnswww.cns.cwru.edu/~chet/
>
> Really!? Honestly!? "as quickly as possible"

What else could I say? A PoC has already been released and a bunch of customers' machines are waiting... even the only mitigation is at the GCC level, which is compiling bash with ASLR/NX/PIE/CANARY... too bad this time.

> Man, we really should rally together and at least send Chet a recovery beer basket or something.

That's for sure... no problem with beer. I'll try to catch up with Chet at whatever random conferences ;-) maybe two dozen beers

> --Ed
> Application & Network Security, Research Scientist
> http://EdwardPrevost.info
> https://twitter.com/@EdwardPrevost

--
GNU powered it...
GPL protect it...
God blessing it...

regards
Shawn