On 10/9/14, 6:06 PM, Pádraig Brady wrote: > On 10/09/2014 08:46 PM, Rick Karcich (rkarcich) wrote: >> Hello Chet, >> >> Re: testing for Shellshock... would like your feedback... specifically, >> regarding the possibility of human-directed combinatorial testing to find >> this Bash vulnerability... > > Sounds like how Michal Zalewski found the related CVE-2014-6278 > http://lcamtuf.blogspot.ie/2014/10/bash-bug-how-we-finally-cracked.html
That's a promising approach. I asked Michal to continue running the fuzzer against the patched, but he did not respond to that yet. Chet -- ``The lyf so short, the craft so long to lerne.'' - Chaucer ``Ars longa, vita brevis'' - Hippocrates Chet Ramey, ITS, CWRU c...@case.edu http://cnswww.cns.cwru.edu/~chet/