On 29 sept. 2014, at 09:09, Kuleshov Aleksey <[email protected]> wrote:
> There is a repository https://github.com/hannob/bashcheck with convenient > script to check for vulnerabilities. > > % sh bashcheck > Vulnerable to CVE-2014-6271 (original shellshock) > Vulnerable to CVE-2014-7169 (taviso bug) > Not vulnerable to CVE-2014-7186 (redir_stack bug) > Vulnerable to CVE-2014-7187 (nessted loops off by one) > Variable function parser still active, likely vulnerable to yet unknown > parser bugs like CVE-2014-6277 (lcamtuf bug) > > Does it mean that FreeBSD's sh is subject to such vulnerabilities? No, it just means the script uses bash and your bash is vulnerable. patpro _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
