oss-sec mailing list archives
Re: CVE-2014-6271: remote code execution through bash
From: Eric Blake <eblake () redhat com>
Date: Sun, 28 Sep 2014 06:35:41 -0600
On 09/27/2014 11:22 PM, Hanno Böck wrote:
On Sat, 27 Sep 2014 21:39:19 -0400 Chet Ramey <chet.ramey () case edu> wrote:OK, here are the more-or-less final versions of the patches for bash-2.05b through bash-4.3. I made two changes from earlier today: the function export suffix is now `%%', which is not part of a the set of valid variable name characters but avoids any potential problems with including shell metacharacters in the name; and this version refuses to import shell functions whose name contains a slash, for reasons I discussed earlier.From what I can see your official patches still don't contain the out-of-bound memory fixes.
Correct, because those patches aren't official yet. But at the same time, the out-of-bounds bugs can no longer be used as a remote exploit vehicle, because the official patch 4.3.27 (and friends) guarantee that arbitrary values no longer call into the parser.
While not exposing the parser to random variables should shield that somewhat and reduce impact, they still should be fixed and the redhat patch looks pretty straightforward.
I'm sure Chet has plans to post more official patches in the coming week. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: CVE-2014-6271: remote code execution through bash, (continued)
- Message not available
- Message not available
- Message not available
- Message not available
- Message not available
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Michal Zalewski (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Chet Ramey (Sep 29)
- Re: CVE-2014-6271: remote code execution through bash Hanno Böck (Sep 27)
- Re: CVE-2014-6271: remote code execution through bash Eric Blake (Sep 28)
- Healing the bash fork (was: Re: [oss-security] CVE-2014-6271: remote code execution through bash) Florian Weimer (Sep 29)
- Re: Healing the bash fork Eric Blake (Sep 29)
- Re: Healing the bash fork Kobrin, Eric (Sep 29)
- Re: Healing the bash fork Tavis Ormandy (Sep 29)
- Re: Healing the bash fork David A. Wheeler (Sep 29)
- Re: Healing the bash fork John Haxby (Sep 29)
- Re: Healing the bash fork Kobrin, Eric (Sep 29)
- Re: Healing the bash fork Chet Ramey (Sep 29)
- Re: Healing the bash fork gremlin (Sep 29)
- Re: Healing the bash fork Florian Weimer (Sep 30)