[CentOS] Bash still vulnerable
Lars Hecking
lhecking at users.sourceforge.netThu Oct 9 11:26:08 UTC 2014
- Previous message: [CentOS] DHCPv6 - requesting "other" information
- Next message: [CentOS] Bash still vulnerable
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
According to the vulnerability test script from shellshocker.net, the latest bash versions on CentOS5 and CentOS6, 3.2-33.el5_11.4 and 4.1.2-15.el6_5.2, resp., are still vulnerable to CVE-2014-6277. In fact, on CentOS6, abrtd will send you a nice report about it. Does anyone know if upstream is working on a fix? [root at host ~]# bash ~/shellshock_test.sh CVE-2014-6271 (original shellshock): not vulnerable /root/shellshock_test.sh: line 16: 17229 Segmentation fault (core dumped) bash -c "f() { x() { _;}; x() { _;} <<a; }" 2> /dev/null CVE-2014-6277 (segfault): VULNERABLE CVE-2014-6278 (Florian's patch): not vulnerable CVE-2014-7169 (taviso bug): not vulnerable CVE-2014-7186 (redir_stack bug): not vulnerable CVE-2014-7187 (nested loops off by one): not vulnerable CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable [root at host ~]#
- Previous message: [CentOS] DHCPv6 - requesting "other" information
- Next message: [CentOS] Bash still vulnerable
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list