bash velnerability
Charles Swiger
cswiger at mac.com
Tue Sep 30 21:25:18 UTC 2014
On Sep 30, 2014, at 12:46 PM, Bryan Drewery <bdrewery at FreeBSD.org> wrote:
[ ... ]
> I even saw a reddit post last night complaining that OSX had updated
> bash only to leave it "still vulnerable" because of the redir_stack issue.
It doesn't seem to be?
bash-3.2$ bash --version
GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
Copyright (C) 2007 Free Software Foundation, Inc.
bash-3.2$ echo "Testing Exploit 4 (CVE-2014-7186)"
Testing Exploit 4 (CVE-2014-7186)
bash-3.2$ CVE7186="$(bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null ||echo -n V)"
bash-3.2$ [ "${CVE7186}" == "V" ] && echo "VULNERABLE" || echo "NOT VULNERABLE"
NOT VULNERABLE
This being said, I'm not confident that there won't be further issues found with bash....
Regards,
--
-Chuck
More information about the freebsd-ports
mailing list