I would agree with that. Considering the Korn shell was found out this morning to be 
importing functions from bash that it does not completely know how to 
interpret, it goes to say that there is a much bigger issue at hand here than 
mere sysadmins can begin to fathom quite yet.

There is still more to come from this. We may not see the end of it for the 
next 10 years.

Also, to state: bash 4.3.27 on 10-RELEASE-p9 reports as not vulnerable to the 
five known CVEs right now, but that same shell compiled on a 9.1-RELEASE system 
is still vulnerable to the last two CVEs … That said, this is deep; just when you 
think you have it conquered.

On Sep 30, 2014, at 16:25, Charles Swiger <[email protected]> wrote:

> On Sep 30, 2014, at 12:46 PM, Bryan Drewery <[email protected]> wrote:
> [ ... ]
>> I even saw a reddit post last night complaining that OSX had updated
>> bash only to leave it "still vulnerable" because of the redir_stack issue.
> 
> It doesn't seem to be?
> 
> bash-3.2$ bash --version
> GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13)
> Copyright (C) 2007 Free Software Foundation, Inc.
> 
> bash-3.2$ echo "Testing Exploit 4 (CVE-2014-7186)"
> Testing Exploit 4 (CVE-2014-7186)
> bash-3.2$ CVE7186="$(bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2>/dev/null ||echo -n V)"
> bash-3.2$ [ "${CVE7186}" == "V" ] && echo "VULNERABLE" || echo "NOT VULNERABLE"
> NOT VULNERABLE
> 
> This being said, I'm not confident that there won't be further issues found 
> with bash....
> 
> Regards,
> -- 
> -Chuck
> 
> _______________________________________________
> [email protected] mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "[email protected]"

-- 
 Jason Hellenthal
 Mobile: +1 (616) 953-0176
 [email protected]
 JJH48-ARIN
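The "five known CVEs" check Jason refers to and the redir_stack probe Chuck pasted, as an added example that is not from either mail or from FreeBSD: a POSIX sh script that runs the commonly circulated probes for CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, CVE-2014-7187 and CVE-2014-6278 against whatever bash is named in the assumed variable BASH_BIN (default "bash"). Each probe_* function returns 0 for not vulnerable, 1 for vulnerable and 2 when the interpreter cannot be run; the function names and the "shellshocker" variable are this example's own.

```shell
#!/bin/sh
# Probe a bash binary for the Shellshock CVEs named in this thread.
# Added example, not code from the original mails or from FreeBSD.
# Assumes the shell under test is reachable as $BASH_BIN (default "bash")
# and uses the publicly circulated test case for each CVE.
# Return codes: 0 = not vulnerable, 1 = vulnerable, 2 = probe could not run.

BASH_BIN="${BASH_BIN:-bash}"

have_bash() {
    command -v "$BASH_BIN" >/dev/null 2>&1
}

# CVE-2014-6271: commands trailing an imported function body get executed.
probe_6271() {
    have_bash || return 2
    out=$(env x='() { :;}; echo vulnerable' "$BASH_BIN" -c 'echo test' 2>/dev/null) || true
    case $out in *vulnerable*) return 1 ;; esac
    return 0
}

# CVE-2014-7169: a truncated function definition leaves a dangling
# redirection, so "echo date" creates a file named "echo" in the cwd.
probe_7169() {
    have_bash || return 2
    tmp=$(mktemp -d) || return 2
    ( cd "$tmp" && env 'x=() { (a)=>\' "$BASH_BIN" -c 'echo date' ) >/dev/null 2>&1 || true
    if [ -e "$tmp/echo" ]; then rc=1; else rc=0; fi
    rm -rf "$tmp"
    return $rc
}

# CVE-2014-7186: redir_stack overflow; a vulnerable bash segfaults on
# more than ten pending here-documents (the same test Chuck ran above).
probe_7186() {
    have_bash || return 2
    if "$BASH_BIN" -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' >/dev/null 2>&1
    then return 0; else return 1; fi
}

# Emit 200 nested empty "for" loops plus their closing "done"s.
# A vulnerable bash crashes parsing this (CVE-2014-7187, word_lineno off-by-one).
nested_loops() {
    i=1
    while [ "$i" -le 200 ]; do echo "for x$i in ; do :"; i=$((i + 1)); done
    i=1
    while [ "$i" -le 200 ]; do echo done; i=$((i + 1)); done
}

probe_7187() {
    have_bash || return 2
    if nested_loops | "$BASH_BIN" >/dev/null 2>&1; then return 0; else return 1; fi
}

# CVE-2014-6278: with the old "name=() {" import convention, any environment
# variable whose value looks like a function body is imported and runnable.
probe_6278() {
    have_bash || return 2
    out=$(env shellshocker='() { echo vulnerable; }' "$BASH_BIN" -c shellshocker 2>/dev/null) || true
    case $out in *vulnerable*) return 1 ;; esac
    return 0
}

# Run every probe; return 1 if any says vulnerable, 2 if none could run, else 0.
probe_all() {
    worst=2
    for p in probe_6271 probe_7169 probe_7186 probe_7187 probe_6278; do
        rc=0; "$p" || rc=$?
        case $rc in
            0) echo "$p: NOT VULNERABLE"; [ "$worst" -eq 1 ] || worst=0 ;;
            1) echo "$p: VULNERABLE"; worst=1 ;;
            *) echo "$p: could not run ($BASH_BIN not found)" ;;
        esac
    done
    return $worst
}

probe_all
```

Run it as `BASH_BIN=/usr/local/bin/bash sh probe.sh` to test a port build rather than the system shell; stderr is discarded on purpose, because for the heredoc and nested-loop probes the crash itself is the finding, not any message. Note that CVE-2014-7169 is checked by file creation, so the probe runs in a scratch directory it removes afterwards.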
