Your message dated Sun, 19 May 2013 14:21:12 +0300
with message-id <[email protected]>
and subject line fixed in
has caused the Debian Bug report #681278,
regarding Buffer overflow in bash
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
681278: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=681278
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: bash
Version: 4.1-3
Severity: important
Tags: security, fixed-upstream, patch, confirmed
Patch: ftp://ftp.gnu.org/pub/gnu/bash/bash-4.2-patches/bash42-033
PoC: test -e /dev/fd/111111111111111111111111111111111
Advisory: http://www.openwall.com/lists/oss-security/2012/07/11/11
fgeek@kludge:~$ cat foo.sh
#!/bin/bash -x
test -e /dev/fd/111111111111111111111111111111111
fgeek@kludge:~$ gdb bash
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /bin/bash...(no debugging symbols found)...done.
(gdb) run foo.sh
Starting program: /bin/bash foo.sh
Program received signal SIGSEGV, Segmentation fault.
0x0000000000450033 in ?? ()
(gdb) bt
#0 0x0000000000450033 in ?? ()
#1 0x000000000046c8b9 in sh_xmalloc ()
#2 0x00000000004885fd in strvec_from_word_list ()
#3 0x00000000006f3448 in ?? ()
#4 0x0000000000000134 in ?? ()
#5 0x000000000047a22c in test_builtin ()
#6 0x0000000000432500 in ?? ()
#7 0x0000000000436c84 in ?? ()
#8 0x0000000000433b64 in execute_command_internal ()
#9 0x00000000004347ce in execute_command ()
#10 0x00000000004216f2 in reader_loop ()
#11 0x0000000000420e00 in main ()
(gdb) quit
fgeek@kludge:~$ bash --version
GNU bash, version 4.1.5(1)-release (x86_64-pc-linux-gnu)
-- System Information:
Debian Release: 6.0.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.4.1 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL
set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages bash depends on:
ii base-files 6.0squeeze5 Debian base system miscellaneous f
ii dash 0.5.5.1-7.4 POSIX-compliant shell
ii debianutils 3.4 Miscellaneous utilities specific t
ii libc6 2.11.3-3 Embedded GNU C Library: Shared lib
ii libncurses5 5.7+20100313-5 shared libraries for terminal hand
Versions of packages bash recommends:
pn bash-completion <none> (no description available)
Versions of packages bash suggests:
pn bash-doc <none> (no description available)
-- no debconf information
--- End Message ---
--- Begin Message ---
Could not reproduce in wheezy.
signature.asc
Description: Digital signature
--- End Message ---
