Bash bug

Talk here about security in general. Posting illegals software is prohibited. All stuffs in this forum must be considered as for "Educational purpose only".
neko
Contributor
Contributor
Posts: 867
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Re: Bash bug

Post#46 by neko » 18 Oct 2014, 07:50

usm-latest-0.0-noarch-1 of both 001-core4.xzms was updated.

core5.tar
http://www.mediafire.com/download/22w4o ... /core5.tar

is constructed with

32bit/
32bit/001-core5.xzm.md5
32bit/001-core5.xzm
64bit/
64bit/001-core5.xzm.md5
64bit/001-core5.xzm

neko
Contributor
Contributor
Posts: 867
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Re: Bash bug

Post#47 by neko » 19 Oct 2014, 10:40

The "bash"s of 32bit/64bit version3.1-rc1 001-core.xzm were updated.

core.v3.1-rc1.tar
http://www.mediafire.com/download/zwm7j ... .1-rc1.tar

is constructed with
32bit/
32bit/001-core2.xzm
32bit/001-core2.xzm.md5
64bit/
64bit/001-core2.xzm
64bit/001-core2.xzm.md5

Thanks.

=========================
[bash test of 32bit version3.1-rc1 001-core.xzm]
guest$ bashcheck.txt
Testing /usr/bin/bash ...
GNU bash, version 4.2.50(2)-release (i486-slackware-linux-gnu)

Variable function parser pre/suffixed [%%, upstream], bugs not exploitable
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Found non-exploitable CVE-2014-6277 (lcamtuf bug #1)
Found non-exploitable CVE-2014-6278 (lcamtuf bug #2)


root# bashcheck.txt
Testing /bin/bash ...
GNU bash, version 4.2.50(2)-release (i486-slackware-linux-gnu)

Variable function parser pre/suffixed [%%, upstream], bugs not exploitable
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Found non-exploitable CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Found non-exploitable CVE-2014-6277 (lcamtuf bug #1)
Found non-exploitable CVE-2014-6278 (lcamtuf bug #2)

=========================
[bash test of 32bit version3.1-rc1 001-core2.xzm]
guest$ bashcheck.txt
Testing /usr/bin/bash ...
GNU bash, version 4.2.25(1)-release (i686-pc-linux-gnu)

Variable function parser pre/suffixed [%%, upstream], bugs not exploitable
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Not vulnerable to CVE-2014-6277 (lcamtuf bug #1)
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)


root# bashcheck.txt
Testing /bin/bash ...
GNU bash, version 4.2.25(1)-release (i686-pc-linux-gnu)

Variable function parser pre/suffixed [%%, upstream], bugs not exploitable
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Not vulnerable to CVE-2014-6277 (lcamtuf bug #1)
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)

=========================

Post Reply