oss-sec mailing list archives

Re: more bash parser bugs (CVE-2014-6277, CVE-2014-6278)


From: Shawn <citypw () gmail com>
Date: Thu, 2 Oct 2014 10:57:57 +0800

On Thu, Oct 2, 2014 at 5:45 AM, Ed Prevost <me () edwardprevost info> wrote:
> On 10/1/2014 2:11 PM, Shawn wrote:
>> On Thu, Oct 2, 2014 at 5:08 AM, Chet Ramey <chet.ramey () case edu> wrote:
>>> On 10/1/14, 5:04 PM, Shawn wrote:
>>>> http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-028
>>>
>>> Nope, this one fixes 7168/7169.  It's the equivalent of the
>>> `parser-oob' patch.
>>>
>>> I have patches that fix 6277/6278 that are in the pipeline.
>>
>> oh, s0rry for the mistake...that'd be great if we can get the patch as
>> quickly as possible. Thanks.
>>
>>> --
>>> ``The lyf so short, the craft so long to lerne.'' - Chaucer
>>>                  ``Ars longa, vita brevis'' - Hippocrates
>>> Chet Ramey, ITS, CWRU    chet () case edu    http://cnswww.cns.cwru.edu/~chet/
>
> Really!? Honestly!? "as quickly as possible"

What else could I say? A POC is already released and a bunch of
customer's machines are waiting...even the only mitigation is in
GCC-lvl, which compiles bash with ASLR/NX/PIE/CANARY.....too bad this
time.

> Man, we really should rally together and at least send Chet a recovery
> beer basket or something.

that's for sure...no problem with beer. I'll try to catch up with Chet
in whatever random conferences;-) maybe two dozen beers

> --Ed
> Application & Network Security, Research Scientist
> http://EdwardPrevost.info
> https://twitter.com/@EdwardPrevost




-- 
GNU powered it...
GPL protect it...
God blessing it...

regards
Shawn

