oss-sec mailing list archives
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278)
From: Sona Sarmadi <sona.sarmadi () enea com>
Date: Thu, 2 Oct 2014 10:38:54 +0000
Thanks Michal,
* CVE-2014-6277 - uninitialized memory issue, almost certainly RCE found by me. No specific patch yet.
According to the shellshock test (https://shellshocker.net/shellshock_test.sh), Florian's patch (GNU patch bash43-027) and all other GNU patches (bash43-025, bash43-026 & bash43-027) seem to have solved all so far known shellshock vulnerabilities.

root@qemuarm:~# ./shellshock_test.sh
CVE-2014-6271 (original shellshock): not vulnerable
bash: shellshocker: command not found
CVE-2014-6278 (Florian's patch): not vulnerable
CVE-2014-7169 (taviso bug): not vulnerable
CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable
CVE-2014-7186 (redir_stack bug): not vulnerable
CVE-2014-7187 (nested loops off by one): not vulnerable

I guess CVE-2014-//// in the "shellshock_test.sh" should be CVE-2014-6277, right?

Thanks
/Sona