Date: Mon, 29 Sep 2014 11:09:02 +0400 From: Kuleshov Aleksey <rndfax@yandex.ru> To: freebsd-security@freebsd.org Cc: na@rtfm.net, robert@ml.erje.net Subject: Re: Bash ShellShock bug(s) Message-ID: <2423691411974542@web12j.yandex.ru>
next in thread | raw e-mail | index | archive | help
There is a repository https://github.com/hannob/bashcheck with convenient script to check for vulnerabilities. % sh bashcheck Vulnerable to CVE-2014-6271 (original shellshock) Vulnerable to CVE-2014-7169 (taviso bug) Not vulnerable to CVE-2014-7186 (redir_stack bug) Vulnerable to CVE-2014-7187 (nessted loops off by one) Variable function parser still active, likely vulnerable to yet unknown parser bugs like CVE-2014-6277 (lcamtuf bug) Does it mean that FreeBSD's sh is subject to such vulnerabilities?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2423691411974542>