[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bash-3.1, Shellshock issue, specially CVE-2014-7187.
From: |
Chet Ramey |
Subject: |
Re: bash-3.1, Shellshock issue, specially CVE-2014-7187. |
Date: |
Fri, 14 Nov 2014 08:46:10 -0500 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 |
On 11/14/14, 1:25 AM, yutingkao23@yutingkao23-desktop wrote:
> Bash Version: 3.1
> Patch Level: 23
> Release Status: release
>
> Description:
> Where I test `(for x in {1..200} ; do echo "for x$x in ; do :"; done;
> for x in {1..200} ; do echo done ; done) | bas$
> It shows
> bash: line 46: syntax error near unexpected token `;'
> bash: line 46: `for x46 in ; do :'
> CVE-2014-7187 vulnerable, word_lineno"
Your test is flawed; this has been covered previously on this mailing list.
bash-3.1 patch 21 fixes this problem.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/