Awesome - Thanks everyone for the help! I will forward these responses
on to the security group. But again, Thank you everyone!!!
-Dave
On 10/17/14, Andreas Schwab wrote:
> Eric Blake writes:
>
>> The following is a better test for whether CVE-2014-7187 can be
>> exploited to remotely attack yo
Eric Blake writes:
> The following is a better test for whether CVE-2014-7187 can be
> exploited to remotely attack your system:
>
> f='() { echo vulnerable; } bash -c f
Missing quote character.
f='() { echo vulnerable; }' bash -c f
Andreas.
--
Andreas Schwab, sch...@linux-m68k.org
GPG Key f
On 10/17/2014 08:18 AM, Greg Wooledge wrote:
> On Fri, Oct 17, 2014 at 10:10:36AM -0400, Dave Kalaluhi wrote:
>> Locally we are using:
>>
>> (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in
>> {1..200} ; do echo done ; done) | bash ||
>> echo "CVE-2014-7187 vulnerable, word_lineno"
On Fri, Oct 17, 2014 at 10:10:36AM -0400, Dave Kalaluhi wrote:
> Locally we are using:
>
> (for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in
> {1..200} ; do echo done ; done) | bash ||
> echo "CVE-2014-7187 vulnerable, word_lineno"
As mentioned in previous emails on this topic, tha
I guess that would help. I meant to include that in the initial mail,
but alas, running in 50K directions.
Locally we are using:
(for x in {1..200} ; do echo "for x$x in ; do :"; done; for x in
{1..200} ; do echo done ; done) | bash ||
echo "CVE-2014-7187 vulnerable, word_lineno"
If we run the t
On 10/16/2014 03:02 PM, Dave Kalaluhi wrote:
> We have been compiling some of the older versions of bash to fix
> vulnerabilities, and for the most, has been working.
>
> However, when we patch the 013 patch for CVE-2014-7187, and run the
> nested loop, it's still showing as vulnerable.
Exactly H
On 10/16/14, 5:02 PM, Dave Kalaluhi wrote:
> We have been compiling some of the older versions of bash to fix
> vulnerabilities, and for the most, has been working.
>
> However, when we patch the 013 patch for CVE-2014-7187, and run the
> nested loop, it's still showing as vulnerable.
>
> Has any
We have been compiling some of the older versions of bash to fix
vulnerabilities, and for the most, has been working.
However, when we patch the 013 patch for CVE-2014-7187, and run the
nested loop, it's still showing as vulnerable.
Has anyone else had a similiar experience?
Thanks for the help,
