Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash

bug-bash

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash

From:	Chet Ramey
Subject:	Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey)
Date:	Thu, 09 Oct 2014 21:35:09 -0400
User-agent:	Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

On 10/9/14, 6:06 PM, Pádraig Brady wrote:
> On 10/09/2014 08:46 PM, Rick Karcich (rkarcich) wrote:
>> Hello Chet,
>>
>> Re: testing for Shellshock...  would like your feedback... specifically, 
>> regarding the possibility of human-directed combinatorial testing to find 
>> this Bash vulnerability...
> 
> Sounds like how Michal Zalewski found the related CVE-2014-6278
> http://lcamtuf.blogspot.ie/2014/10/bash-bug-how-we-finally-cracked.html

That's a promising approach.  I asked Michal to continue running the fuzzer
against the patched, but he did not respond to that yet.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/

[Prev in Thread]

Current Thread

[Next in Thread]

re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey), Rick Karcich (rkarcich), 2014/10/09
- Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey), Eduardo A . Bustamante López, 2014/10/09
  - Re: [Help-bash] Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey), Chet Ramey, 2014/10/09
- Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey), Pádraig Brady, 2014/10/09
  - Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey), Chet Ramey <=
    - Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey), Stephane Chazelas, 2014/10/10
    - Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey), Chet Ramey, 2014/10/10
    - Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey), Stephane Chazelas, 2014/10/10
    - Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey), Eric Blake, 2014/10/10
    - Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey), Stephane Chazelas, 2014/10/10
    - Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey), Chet Ramey, 2014/10/13
    - expansions upon arithmetic evaluation in array subscripts, Stephane Chazelas, 2014/10/13
    - Re: expansions upon arithmetic evaluation in array subscripts, Chet Ramey, 2014/10/14
    - Re: expansions upon arithmetic evaluation in array subscripts, Linda Walsh, 2014/10/14
    - Re: expansions upon arithmetic evaluation in array subscripts, Chet Ramey, 2014/10/14

Prev by Date: Re: [RFC] Logically composable variant of errexit
Next by Date: Re: [Help-bash] Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey)
Previous by thread: Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey)
Next by thread: Re: Testing for Shellshock ... combinatorics and latest(Shellshock) Bash Vulnerability...(attn: Chet Ramey)
Index(es):
- Date
- Thread