On 2014-09-30 18:00:31 -0400, Mike Tancsa wrote: > On 9/30/2014 5:25 PM, Charles Swiger wrote: >> bash-3.2$ echo "Testing Exploit 4 (CVE-2014-7186)" >> Testing Exploit 4 (CVE-2014-7186) >> bash-3.2$ CVE7186="$(bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF >> <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null ||echo -n >> V)" >> bash-3.2$ [ "${CVE7186}" == "V" ] && echo "VULNERABLE" || echo "NOT >> VULNERABLE" >> NOT VULNERABLE >> >> This being said, I'm not confident that there won't be further issues >> found with bash.... >> > > What are people using to check these issues ? I was using > > https://github.com/hannob/bashcheck > > Not sure if that gives false positives ? ...
Yes, it seems it does. https://github.com/hannob/bashcheck/commit/5b611b36 Jung-uk Kim _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"