From: Eduardo A. Bustamante López dual...@gmail.com
To: ralf.naeg...@she.net
Cc: bug-bash@gnu.org
Subject: Re: Bash-4.3 Official Patch 25 Bug 896776 - (CVE-2014-6271)
On Thu, Sep 25, 2014 at 05:33:38PM +0200, ralf.naeg...@she.net wrote:
Hello,
I've downloaded the source for bash 4.3 and all
On 26/09/2014 08:23, Ralf Naegele wrote:
Hello Eduardo,
I haven't installed the patched bash yet. I called it in the source
directory after compiling it, with ./bash, so I think this should start the
patched bash.
You started ./bash as the parent reading the offending line, but did you also
definition attempt
bash: error importing function definition for `x'
this is a test
Regards,
Ralf
On Thu, 25 Sep 2014, Greg Wooledge wrote:
Date: Thu, 25 Sep 2014 16:52:19 -0400
From: Greg Wooledge wool...@eeg.ccf.org
To: ralf.naeg...@she.net
Cc: bug-bash@gnu.org
Subject: Re: Bash-4.3 Official Patch
alexandre.ferri...@orange.com
To: Ralf Naegele ralf.naeg...@she.net
Cc: Eduardo A. Bustamante López dual...@gmail.com, bug-bash@gnu.org
Subject: Re: Bash-4.3 Official Patch 25 Bug 896776 - (CVE-2014-6271)
On 26/09/2014 08:23, Ralf Naegele wrote:
Hello Eduardo,
I haven't installed the patched
On Thu, Sep 25, 2014 at 07:58:56PM -0400, Chet Ramey wrote:
We used to do that, and part of the code that I removed in patch 25
supported the original `name()=() {'. We didn't use that very long; it
turns out that the Bourne shell (and others, at that time) dumps core on
malformed environment
On 09/26/2014 06:05 AM, Greg Wooledge wrote:
HP-UX 10.20 (which is from 1994, and was end-of-lifed many years ago)
only has a Bourne shell in /usr/old/bin/sh. It's not used in normal
operations. The /bin/sh on HP-UX is basically a stripped-down ksh.
Unfortunately it's a bit tricky to test
On Thu, Sep 25, 2014 at 06:02:11AM -0700, gnu.bash.bug wrote:
Hi,
This patch does not seem to work on HP-UX:
Worked for me on 10.20.
$ /usr/bin/env x='() { :;}; echo vulnerable' bash -c 'echo hello'
vulnerable
hello
imadev:~$ uname -a
HP-UX imadev B.10.20 A 9000/785 2008897791 two-user
On 9/25/14, 9:02 AM, gnu.bash.bug wrote:
Hi,
This patch does not seem to work on HP-UX:
$ ./bash --version
GNU bash, version 4.3.25(1)-release (ia64-hp-hpux11.31)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
Ah great, thanks for that...though since there's still the bug in p025 (see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7169 ) I'll keep
spinning my wheels and watching the git branches until p026 rolls out.
ta,
Mark
On Thu, Sep 25, 2014 at 3:55 PM, Chris F.A. Johnson
Are you absolutely sure that the bash your command is invoking is
the patched one?
You are right! I had like 4 other bash versions in my PATH
So case closed... ;)
Thanks!
Michael
Good day Chet, bash-list -
I just checked out the latest git head, applied the bash43-025 patch, and built
$ ./bash --version
GNU bash, version 4.3.25(3)-release (x86_64-unknown-linux-gnu)
...
which PASSED its 'make check' test suite, both under Ubuntu 14.04.1 LTS
and under RHEL-6.5+ , on an
On Thu, Sep 25, 2014 at 02:50:03PM +0100, Jason Vas Dias wrote:
But now there is an issue - bash seems to lose its idea of stdout / stderr
being a terminal within read loops, as illustrated by this test script
(/tmp/t.sh):
<quote>
#!/bin/bash
tty
echo $'1\n2' > test.list;
while read line;
Jason Vas Dias jason.vas.d...@gmail.com writes:
<quote>
#!/bin/bash
tty
echo $'1\n2' > test.list;
while read line; do
tty;
done < test.list
</quote>
Its output illustrates the problem:
<quote>
$ ./bash /tmp/t.sh
/dev/pts/6
not a tty
not a tty
</quote>
tty uses stdin, so this is the
Oops, sorry, this issue is nothing to do with the bash43-025 patch -
I just verified that the same issue occurs with bash 4.1.2(1) .
The issue was that a script that does an 'stty' command was
failing when run in a 'while read ... ' loop. It wasn't using
'stty -F', so was trying to stty on stdin,
Hello,
I've downloaded the source for bash 4.3 and all patches, patched the source to
Patch 25.
But according to some description I've found (http://heise.de/-2403305 sorry,
only available in German), you can test with the command
env x='() { :;}; echo vulnerable' bash -c echo this is a test
if
On 09/25/2014 09:33 AM, ralf.naeg...@she.net wrote:
Hello,
I've downloaded the source for bash 4.3 and all patches, patched the source
to Patch 25.
But according to some description I've found (http://heise.de/-2403305 sorry,
only available in German), you can test with the command
env
On 9/24/14, 5:38 PM, Eric Blake wrote:
and I'd feel much more comfortable with exporting f()=... as the
backdoor for passing the function definition, _particularly_ since the
shell already allows functions and variables to co-exist:
We used to do that, and part of the code that I removed in
On Friday, September 26, 2014 9:58:56 AM UTC+10, Chet Ramey wrote:
On 9/24/14, 5:38 PM, Eric Blake wrote:
and I'd feel much more comfortable with exporting f()=... as the
backdoor for passing the function definition, _particularly_ since the
shell already allows functions and
BASH PATCH REPORT
=
Bash-Release: 4.3
Patch-ID: bash43-025
Bug-Reported-by: Stephane Chazelas stephane.chaze...@gmail.com
Bug-Reference-ID:
Bug-Reference-URL:
Bug-Description:
Under certain circumstances,
On 09/24/2014 08:27 AM, Chet Ramey wrote:
BASH PATCH REPORT
=
Bash-Release: 4.3
Patch-ID: bash43-025
Bug-Reported-by: Stephane Chazelas stephane.chaze...@gmail.com
Bug-Reference-ID:
Bug-Reference-URL:
Eric Blake wrote:
https://bugzilla.redhat.com/show_bug.cgi?id=1141597 describes this bug
(aka CVE-2014-6271), and points out that even _with_ this patch, there
is still a flaw that attackers can use to overwrite portions of the
filesystem, which is also a possible exploitation avenue:
$ ls
Also, you can embed arguments, allowing for arbitrary execution:
$ env -i X='() { (a)=\' bash -c 'echo curl -s https://bugzilla.redhat.com/';
head echo
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
<!DOCTYPE html>
Bash-Release: 4.3
Patch-ID: bash43-025
As a binary distribution archive maintainer, I'd be keen to see the authors
distributing a cumulative bash-4.3p025.tar.gz source bundle (probably p026 to
nail the new issues above). The ftp://ftp.cwru.edu/pub/bash site just has the
main 4.3
On Wed, 24 Sep 2014, m...@ibiblio.org wrote:
Bash-Release: 4.3
Patch-ID: bash43-025
As a binary distribution archive maintainer, I'd be keen to see the
authors distributing a cumulative bash-4.3p025.tar.gz source bundle
(probably p026 to nail the new issues above). The