(cc ehaupt@ about the core dump of latest bash port)
On 29 sept. 2014, at 09:34, Кулешов Алексей <[email protected]> wrote:
> Right. Okay then, here it is:
>
> # pkg remove bash
> ... change 'bash' to 'sh' in bashcheck ...
> # sh bashcheck
> Not vulnerable to CVE-2014-6271 (original shellshock)
> Not vulnerable to CVE-2014-7169 (taviso bug)
> Not vulnerable to CVE-2014-7186 (redir_stack bug)
> Vulnerable to CVE-2014-7187 (nessted loops off by one)
> Variable function parser inactive, likely safe from unknown parser bugs
>
> So, there is no bash on my system anymore, but script says it has one
> vulnerability.
> Is it actually vulnerability or it's me who must take a good sleep? :)
This is odd. As far as I know, no one reported sh as being vulnerable to
CVE-2014-7187. But may be it's only on FreeBSD... I don't have an answer to
that.
Side note about bashcheck on a patched bash (latest bash available in ports):
it yields to a core dump.
$ bash --version
GNU bash, version 4.3.27(0)-release (amd64-portbld-freebsd8.4)
--------
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
/tmp/bashtest: line 18: 37449 Segmentation fault: 11 (core dumped) bash -c
"true $(printf '<<EOF %.0s' {1..79})" 2> /dev/null
Vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Variable function parser inactive, likely safe from unknown parser bugs
--------
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[email protected]"
