Re: bash-3.1, Shellshock issue, specially CVE-2014-7187.

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bash-3.1, Shellshock issue, specially CVE-2014-7187.

From:	Chet Ramey
Subject:	Re: bash-3.1, Shellshock issue, specially CVE-2014-7187.
Date:	Fri, 14 Nov 2014 08:46:10 -0500
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 11/14/14, 1:25 AM, yutingkao23@yutingkao23-desktop wrote:

> Bash Version: 3.1
> Patch Level: 23
> Release Status: release
> 
> Description:
>         Where I test `(for x in {1..200} ; do echo "for x$x in ; do :"; done; 
> for x in {1..200} ; do echo done ; done) | bas$
>         It shows
>                 bash: line 46: syntax error near unexpected token `;'
>                 bash: line 46: `for x46 in ; do :'
>                 CVE-2014-7187 vulnerable, word_lineno" 

Your test is flawed; this has been covered previously on this mailing list.
bash-3.1 patch 21 fixes this problem.

Chet
-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/

[Prev in Thread]

Current Thread

[Next in Thread]

bash-3.1, Shellshock issue, specially CVE-2014-7187., yutingkao23, 2014/11/14
- Re: bash-3.1, Shellshock issue, specially CVE-2014-7187., Eric Blake, 2014/11/14
- Re: bash-3.1, Shellshock issue, specially CVE-2014-7187., Chet Ramey <=
- Re: bash-3.1, Shellshock issue, specially CVE-2014-7187., Vettel_Kao高毓廷, 2014/11/17

Prev by Date: Re: bash-3.1, Shellshock issue, specially CVE-2014-7187.
Next by Date: Re: Tab completion and ':'s
Previous by thread: Re: bash-3.1, Shellshock issue, specially CVE-2014-7187.
Next by thread: Re: bash-3.1, Shellshock issue, specially CVE-2014-7187.
Index(es):
- Date
- Thread