Bash bug

Talk here about security in general. Posting illegals software is prohibited. All stuffs in this forum must be considered as for "Educational purpose only".
neko
DEV Team
DEV Team
Posts: 2109
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Re: Bash bug

Post#46 by neko » 18 Oct 2014, 07:50

usm-latest-0.0-noarch-1 of both 001-core4.xzms was updated.

core5.tar
http://www.mediafire.com/download/22w4o ... /core5.tar

is constructed with

32bit/
32bit/001-core5.xzm.md5
32bit/001-core5.xzm
64bit/
64bit/001-core5.xzm.md5
64bit/001-core5.xzm

neko
DEV Team
DEV Team
Posts: 2109
Joined: 09 Feb 2013, 09:55
Distribution: APorteus-FVWM-ja-x86_64.iso
Location: japan

Re: Bash bug

Post#47 by neko » 19 Oct 2014, 10:40

The "bash"s of 32bit/64bit version3.1-rc1 001-core.xzm were updated.

core.v3.1-rc1.tar
http://www.mediafire.com/download/zwm7j ... .1-rc1.tar

is constructed with
32bit/
32bit/001-core2.xzm
32bit/001-core2.xzm.md5
64bit/
64bit/001-core2.xzm
64bit/001-core2.xzm.md5

Thanks.

=========================
[bash test of 32bit version3.1-rc1 001-core.xzm]
guest$ bashcheck.txt
Testing /usr/bin/bash ...
GNU bash, version 4.2.50(2)-release (i486-slackware-linux-gnu)

Variable function parser pre/suffixed [%%, upstream], bugs not exploitable
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Found non-exploitable CVE-2014-6277 (lcamtuf bug #1)
Found non-exploitable CVE-2014-6278 (lcamtuf bug #2)


root# bashcheck.txt
Testing /bin/bash ...
GNU bash, version 4.2.50(2)-release (i486-slackware-linux-gnu)

Variable function parser pre/suffixed [%%, upstream], bugs not exploitable
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Found non-exploitable CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Found non-exploitable CVE-2014-6277 (lcamtuf bug #1)
Found non-exploitable CVE-2014-6278 (lcamtuf bug #2)

=========================
[bash test of 32bit version3.1-rc1 001-core2.xzm]
guest$ bashcheck.txt
Testing /usr/bin/bash ...
GNU bash, version 4.2.25(1)-release (i686-pc-linux-gnu)

Variable function parser pre/suffixed [%%, upstream], bugs not exploitable
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Not vulnerable to CVE-2014-6277 (lcamtuf bug #1)
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)


root# bashcheck.txt
Testing /bin/bash ...
GNU bash, version 4.2.25(1)-release (i686-pc-linux-gnu)

Variable function parser pre/suffixed [%%, upstream], bugs not exploitable
Not vulnerable to CVE-2014-6271 (original shellshock)
Not vulnerable to CVE-2014-7169 (taviso bug)
Not vulnerable to CVE-2014-7186 (redir_stack bug)
Test for CVE-2014-7187 not reliable without address sanitizer
Not vulnerable to CVE-2014-6277 (lcamtuf bug #1)
Not vulnerable to CVE-2014-6278 (lcamtuf bug #2)

=========================

Post Reply