From owner-freebsd-security@FreeBSD.ORG Tue Sep 30 21:48:21 2014 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 586BDBB6 for ; Tue, 30 Sep 2014 21:48:21 +0000 (UTC) Received: from mail-ig0-x22f.google.com (mail-ig0-x22f.google.com [IPv6:2607:f8b0:4001:c05::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 149067EA for ; Tue, 30 Sep 2014 21:48:21 +0000 (UTC) Received: by mail-ig0-f175.google.com with SMTP id uq10so6100igb.14 for ; Tue, 30 Sep 2014 14:48:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dataix.net; s=rsa; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=h7uyCswl7L1JCbZzWb8+imALYLIP9zSoXmXww2NDkTM=; b=fba2F+5R+p41y2noNjgwShIu+TXMeE1NlvLzY5aTEMEs3qaSLdEQgBKhm0P90sGsm5 8w+eZqUyV9K4elm2F/porJGqQCX6ajnBDMTC8in+se1z8TrrNn4BsXulpLMW8YJ/yRXd XMj28mX94Ye0+s6p4t1sCd5W9oZBCMwJNMwPY= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=h7uyCswl7L1JCbZzWb8+imALYLIP9zSoXmXww2NDkTM=; b=lfQ4MK8fG0wNJag+sD+S0b7hWDGhUTzelVi7fVrQJFnxFyMX93i51LPqfBhAFQ/8nI 8ZW7bfl92d1i7Imz48NuwFqBkOMZlMedHUKzoqv9m0HJyiWiTRwVIxibiqHQTAQHaZJ+ UvPoVpakNZx5H3rgDMWQHSODTbtP2oqP5QpgK6E7kRa5ddJtjtpbU/52+UenTgjUHyvy KR8FdiVhN8FMYuGru66okporUg51PPJ+CNtXtMKN6JBHdR6CE+GifMyg6pXpxofNKUi7 5578ghYJZx9j+GDTbQqaThFl8+vvKa7v5OhOv/sWwOCBI7HpAeVnXEXUDfvHcY+LOs/M qnFg== X-Gm-Message-State: ALoCoQkVYpguHkno2fjKB7K/ZuBO/2O5Phy4RKVbnnU2DdlTotzBomCUO2yEQmJMqGOA0k70BXfD X-Received: by 10.50.33.100 with SMTP id q4mr12870394igi.8.1412113700322; Tue, 30 Sep 2014 14:48:20 -0700 (PDT) Received: from [192.168.8.85] ([66.195.151.70]) by mx.google.com with ESMTPSA id qo8sm14086367igb.7.2014.09.30.14.48.19 for (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Tue, 30 Sep 2014 14:48:19 -0700 (PDT) Content-Type: text/plain; charset=windows-1252 Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\)) Subject: Re: bash velnerability From: Jason Hellenthal In-Reply-To: Date: Tue, 30 Sep 2014 16:48:17 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: <915DA264-1022-441B-93DE-229739A861B3@dataix.net> References: <00000148ab969845-5940abcc-bb88-4111-8f7f-8671b0d0300b-000000@us-west-2.amazonses.com> <54243F0F.6070904@FreeBSD.org> <54244982.8010002@FreeBSD.org> <16EB2C50-FBBA-4797-83B0-FB340A737238@circl.lu> <542596E3.3070707@FreeBSD.org> <5425999A.3070405@FreeBSD.org> <5425A548.9090306@FreeBSD.org> <5425D427.8090309@FreeBSD.org> <54298266.1090201@sentex.net> <5429851B.8060500@FreeBSD.org> <542AFC54.9010405@FreeBSD.org> <542B087D.3040903@FreeBSD.org> To: Charles Swiger X-Mailer: Apple Mail (2.1878.6) Cc: freebsd-security , Jung-uk Kim , freebsd-ports , Bryan Drewery X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 Sep 2014 21:48:21 -0000 I would agree with that. Considering the korn shell was found out to be = importing functions from bash this morning that it does not completely = know how to interpret goes to say that there is a much bigger issue at = face here than the mere sys admins can begin to fathom quite yet. There is still more to come from this. We may not see the end of it for = the next 10 years. But also to state bash 4.3.27 on 10-RELEASE-p9 reports as not vulnerable = to the five known CVEs right now but that same shell compiled on a = 9.1-RELEASE system is still vulnerable to the last two CVEs =85 That = said this is deep just when you think you have it conquered. On Sep 30, 2014, at 16:25, Charles Swiger wrote: > On Sep 30, 2014, at 12:46 PM, Bryan Drewery = wrote: > [ ... ] >> I even saw a reddit post last night complaining that OSX had updated >> bash only to leave it "still vulnerable" because of the redir_stack = issue. >=20 > It doesn't seem to be? >=20 > bash-3.2$ bash --version > GNU bash, version 3.2.53(1)-release (x86_64-apple-darwin13) > Copyright (C) 2007 Free Software Foundation, Inc. >=20 > bash-3.2$ echo "Testing Exploit 4 (CVE-2014-7186)" > Testing Exploit 4 (CVE-2014-7186) > bash-3.2$ CVE7186=3D"$(bash -c 'true </dev/null = ||echo -n V)" > bash-3.2$ [ "${CVE7186}" =3D=3D "V" ] && echo "VULNERABLE" || echo = "NOT VULNERABLE" > NOT VULNERABLE >=20 > This being said, I'm not confident that there won't be further issues = found with bash.... >=20 > Regards, > --=20 > -Chuck >=20 > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to = "freebsd-security-unsubscribe@freebsd.org" --=20 Jason Hellenthal Mobile: +1 (616) 953-0176 jhellenthal@DataIX.net JJH48-ARIN