|
| From: | Alexandre FERRIEUX - SOFT/LAN |
| Subject: | Re: Bash-4.3 Official Patch 25 Bug 896776 - (CVE-2014-6271) |
| Date: | Fri, 26 Sep 2014 08:30:41 +0200 |
| User-agent: | Mozilla/5.0 (X11; Linux i686; rv:8.0) Gecko/20111113 Thunderbird/8.0 |
On 26/09/2014 08:23, Ralf Naegele wrote:
Hello Eduardo, I haven't installed the patched bash yet. I called it in the source directory after compiling, it with ./bash so I think this should start the patched bash.
You started ./bash as the parent reading the offending line, but did you also
modify it so that ./bash appears inside ?
env x='() { :;}; echo vulnerable' ./bash -c "echo this is a test"
This is important since the bug occurs in the child, at init time (within
shell_initialize_variables)
-Alex
| [Prev in Thread] | Current Thread | [Next in Thread] |