[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Bash-4.3 Official Patch 25 Bug 896776 - (CVE-2014-6271)
|
From: |
ralf . naegele |
|
Subject: |
Bash-4.3 Official Patch 25 Bug 896776 - (CVE-2014-6271) |
|
Date: |
Thu, 25 Sep 2014 17:33:38 +0200 (CEST) |
Hello,
I've downloaded the source for bash 4.3 and all patches, patched the source to
Patch 25.
But according some description I've found (http://heise.de/-2403305 sorry, only
in German
available), you can test with the command
env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
if your bash is vulnerable. But according this test the bash 4.3 with patch 25
seems
still vulnerable. I've tried this test with other Linux servers, where the
patched
bash binaries came from the repositories (Ubuntu, CentOS), where this test now
fails.
So my question: is bash in this version with patch 25 still vulnerable to
CVE-2014-6271?
With kind regards,
Ralf
Configuration Information [Automatically generated, do not change]:
Machine: i686
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='i686'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i686-pc-linux-gnu'
-DCONF_VENDOR='pc' -DLOCALEDIR='/usr/share/locale' -DPACKAGE='bash' -DSHELL
-DHAVE_CONFIG_H -I. -I. -I./include -I./lib -g -O2
uname output: Linux pinie 2.6.18.8-0.3-default #1 SMP Tue Apr 17 08:42:35 UTC
2007 i686 athlon i386 GNU/Linux
Machine Type: i686-pc-linux-gnu
Bash Version: 4.3
Patch Level: 25
Release Status: release
Description:
[Detailed description of the problem, suggestion, or complaint.]
Repeat-By:
[Describe the sequence of events that causes the problem
to occur.]
Fix:
[Description of how to fix the problem. If you don't know a
fix for the problem, don't include this section.]
- Bash-4.3 Official Patch 25 Bug 896776 - (CVE-2014-6271),
ralf . naegele <=