On Sep 30, 2014, at 3:08 PM, Jung-uk Kim <j...@freebsd.org> wrote: > On 2014-09-30 18:00:31 -0400, Mike Tancsa wrote: >> On 9/30/2014 5:25 PM, Charles Swiger wrote: >>> bash-3.2$ echo "Testing Exploit 4 (CVE-2014-7186)" >>> Testing Exploit 4 (CVE-2014-7186) >>> bash-3.2$ CVE7186="$(bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF >>> <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null ||echo -n >>> V)" >>> bash-3.2$ [ "${CVE7186}" == "V" ] && echo "VULNERABLE" || echo "NOT >>> VULNERABLE" >>> NOT VULNERABLE >>> >>> This being said, I'm not confident that there won't be further issues >>> found with bash.... >>> >> >> What are people using to check these issues ? I was using >> >> https://github.com/hannob/bashcheck >> >> Not sure if that gives false positives ? > ... > > Yes, it seems it does. > > https://github.com/hannob/bashcheck/commit/5b611b36 > > Jung-uk Kim
Checking, and agreed. bash -c "true $(printf '<<EOF %.0s' {1..70})" 2>/dev/null ...works OK, but this crashes with a SIGSEGV: bash -c "true $(printf '<<EOF %.0s' {1..80})" 2>/dev/null Seems to be blowing out a ~84K malloc buffer located just above the __TEXT page for /bin/bash; it's not blowing out the stack directly and isn't affected by changing ulimit -s. Regards, -- -Chuck _______________________________________________ freebsd-ports@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-ports To unsubscribe, send any mail to "freebsd-ports-unsubscr...@freebsd.org"