bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: CVE-2014-7187


From: Nabiałek , Wojciech
Subject: RE: CVE-2014-7187
Date: Fri, 10 Oct 2014 14:00:41 +0000

Thanks for quick reply

Difference is in version number, mine is 4.3.30(3), your 4.3.30(2)

address@hidden wojtek]# bash --version
GNU bash, version 4.3.30(3)-release (i686-pc-linux-gnu)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

address@hidden wojtek]# (for x in {1..200} ; do echo "for x$x in ; do :"; done; 
for x in {1..200} ; do echo done ; done) | bash || echo "CVE-2014-7187 
vulnerable, word_lineno"
bash: line 2: `x{1..200}': not a valid identifier
CVE-2014-7187 vulnerable, word_lineno

This code is not mine, refer to: 
http://stevejenkins.com/blog/2014/09/how-to-manually-update-bash-to-patch-shellshock-bug-on-older-fedora-based-systems/
 Exploit 5. 
The standard version of shellshock was ignored by me as hard to use for real 
remote attack. It was very short time to see I was wrong, so this time I want 
to be sure :)

Regards, Wojtek

-----Original Message-----
From: Chet Ramey [mailto:address@hidden 
Sent: Friday, October 10, 2014 3:37 PM
To: Nabiałek, Wojciech; address@hidden
Cc: address@hidden
Subject: Re: CVE-2014-7187

On 10/10/14, 4:03 AM, Nabiałek, Wojciech wrote:
> Hi,
> 
> Bash 4.3 after patch 30 is still vulnerable for shellshock CVE-2014-7187.

No, it's not.

> (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; 
> do echo done ; done) | bash || echo "CVE-2014-7187 vulnerable, word_lineno"

I'm curious about what you think this demonstrates, but in the meantime:

$ ./bash --version
GNU bash, version 4.3.30(2)-release (x86_64-unknown-linux-gnu) Copyright (C) 
2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
$ (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in {1..200} ; 
do echo done ; done) | ./bash $ echo $?
0

Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]