Re: [Help-bash] Shellshock bug
From: Biswas, Amit
Subject: Re: [Help-bash] Shellshock bug
Date: Tue, 14 Oct 2014 19:54:47 +0530
Hello,
Appreciate the quick response and many thanks.
Regards,
Amit
-----Original Message-----
From: Chet Ramey [mailto:address@hidden]
Sent: Tuesday, October 14, 2014 7:48 PM
To: Biswas, Amit; address@hidden
Cc: address@hidden
Subject: Re: [Help-bash] Shellshock bug
On 10/14/14, 9:57 AM, Biswas, Amit wrote:
> Hi,
>
> As we know of the vulnerability of systems with bash shell, I would like to
> know if the bash patches given by GNU cover all the bugs found (CVE Numbers
> mentioned below).
>
> CVE-2014-6271 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6271>,
> CVE-2014-7169 <http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7169>,
> CVE-2014-6277 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6277>,
> CVE-2014-6278 <https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6278>,
> CVE-2014-7186 <https://access.redhat.com/security/cve/CVE-2014-7186>,
> CVE-2014-7187 <https://access.redhat.com/security/cve/CVE-2014-7187>
>
> The 2.05b patches are available at below path however it's not clear what all
> CVE numbers are covered by the patches wrt Shellshock bug.
> http://ftp.gnu.org/gnu/bash/bash-2.05b-patches/

Here's something I've sent out a couple of times. Substitute the bash-2.05b
patch numbers for the bash-4.3 ones:

bash43-025    CVE-2014-6271                         9/24/2014
bash43-026    CVE-2014-7169                         9/26/2014
bash43-027    exported function namespace change    9/27/2014
bash43-028    CVE-2014-7186/CVE-2014-7187           10/1/2014
bash43-029    CVE-2014-6277                         10/2/2014
bash43-030    CVE-2014-6278                         10/5/2014

Patch 27 blocked the remote attack vector, so all the other reports were just
bugs.

--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU address@hidden http://cnswww.cns.cwru.edu/~chet/
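
Added example, not part of the original messages and not code from the bash maintainers: a POSIX shell check that uses the bash-4.3 table above to report which listed fixes a given 4.3.x patch level lacks, and whether it includes patch 27. The function names and the sample version string are constructed; the table gives no patch numbers for other releases, so those are reported as unknown.

```shell
#!/bin/sh
# Added example. Patch-to-fix pairs are copied from the bash-4.3 table above;
# function names and the sample version string are constructed.
# Caveat: distribution builds may backport fixes without raising the reported
# patch level, so this only describes builds patched with the upstream files.

SHELLSHOCK_43='25 CVE-2014-6271
26 CVE-2014-7169
27 exported function namespace change
28 CVE-2014-7186/CVE-2014-7187
29 CVE-2014-6277
30 CVE-2014-6278'

# Extract "major.minor.patch" from the first line of `bash --version` output.
parse_bash_version() {
    printf '%s\n' "$1" |
        sed -n '1s/.*version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# Print every fix from the table that a given 4.3.x version does NOT include.
# Returns 2 for any other release: the page lists no patch numbers for those.
missing_fixes() {
    case $1 in
        4.3.*) level=${1##*.} ;;
        *) return 2 ;;
    esac
    printf '%s\n' "$SHELLSHOCK_43" | while read -r patch fix; do
        if [ "$level" -lt "$patch" ]; then printf '%s\n' "$fix"; fi
    done
    return 0
}

# Patch 27 is the one the reply credits with blocking the remote attack vector.
remote_vector_blocked() {
    case $1 in
        4.3.*) [ "${1##*.}" -ge 27 ] ;;
        *) return 2 ;;
    esac
}

# Constructed sample: a bash 4.3 build at patch level 26.
sample='GNU bash, version 4.3.26(1)-release (x86_64-pc-linux-gnu)'
ver=$(parse_bash_version "$sample")
echo "missing at $ver:"
missing_fixes "$ver"
remote_vector_blocked "$ver" || echo "remote vector not yet blocked (needs patch 27)"
```

To check a live system, pass the output of `bash --version` to `parse_bash_version` in place of the sample string.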