Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)

2014-10-04 Thread Michael Bazzinotti
In reference to Michal Zalewski's detailed post:

> Perhaps notably, the ability to specify attacker-controlled addresses
> hinges on the state of --enable-bash-malloc and --enable-mem-scramble

The correct ./configure argument for bash-malloc is --with-bash-malloc. Just wanted to note that out. I lea

Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)

2014-10-01 Thread Michal Zalewski
> Can I quote you on:
> PS. There are no other bugs in bash.

There's no proof I ever said that!

/mz

___
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure

Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)

2014-10-01 Thread Paul Vixie
michal, thank you for your incredibly informative report here. i have a minor correction.

> Michal Zalewski
> Wednesday, October 01, 2014 7:21 AM
> ...
>
> Note: over the past few days, Florian's patch has been picked up by
> major Linux distros (Red Hat, Debian, SUSE,