Re: bash velnerability

Charles Swiger Tue, 30 Sep 2014 14:26:15 -0700

On Sep 30, 2014, at 12:46 PM, Bryan Drewery <bdrew...@freebsd.org> wrote:
[ ... ]
> I even saw a reddit post last night complaining that OSX had updated
> bash only to leave it "still vulnerable" because of the redir_stack issue.


It doesn't seem to be?

bash-3.2$ bash --version
GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
Copyright (C) 2007 Free Software Foundation, Inc.

bash-3.2$ echo "Testing Exploit 4 (CVE-2014-7186)"
Testing Exploit 4 (CVE-2014-7186)
bash-3.2$ CVE7186="$(bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF 
<<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null ||echo -n V)"
bash-3.2$ [ "${CVE7186}" == "V" ] && echo "VULNERABLE" || echo "NOT VULNERABLE"
NOT VULNERABLE

This being said, I'm not confident that there won't be further issues found 
with bash....

Regards,
-- 
-Chuck

_______________________________________________
freebsd-ports@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-ports
To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"

Re: bash velnerability

Reply via email to