bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bash-2.05b-013 appears to not work


From: Dave Kalaluhi
Subject: Re: bash-2.05b-013 appears to not work
Date: Fri, 17 Oct 2014 10:10:36 -0400

I guess that would help. I meant to include that in the initial mail,
but alas, running in 50K directions.

Locally we are using:

(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in
{1..200} ; do echo done ; done) | bash ||
echo "CVE-2014-7187 vulnerable, word_lineno"

If we run the test via ssh, it is showing patched, however locally is
still showing vulnerable.

Thanks Eric,
Dave

On 10/16/14, Chet Ramey <address@hidden> wrote:
> On 10/16/14, 5:02 PM, Dave Kalaluhi wrote:
>> We have been compiling some of the older versions of bash to fix
>> vulnerabilities, and for the most, has been working.
>>
>> However, when we patch the 013 patch for CVE-2014-7187, and run the
>> nested loop, it's still showing as vulnerable.
>>
>> Has anyone else had a similiar experience?
>
> Since the code that had the off-by-one error was not even in bash-2.05b,
> I'm skeptical that it's vulnerable.
>
> --
> ``The lyf so short, the craft so long to lerne.'' - Chaucer
>                ``Ars longa, vita brevis'' - Hippocrates
> Chet Ramey, ITS, CWRU    address@hidden    http://cnswww.cns.cwru.edu/~chet/
>



reply via email to

[Prev in Thread] Current Thread [Next in Thread]