bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: bash-3.1, Shellshock issue, specially CVE-2014-7187.


From: Vettel_Kao高毓廷
Subject: Re: bash-3.1, Shellshock issue, specially CVE-2014-7187.
Date: Mon, 17 Nov 2014 10:08:34 +0800

Thanks a lot. I got the 'command not found' with CVE-2014-7187 in patch
3.1.23. Most of blogs and websites are wrong.

2014-11-14 14:25 GMT+08:00 <yutingkao23@yutingkao23-desktop>:

> Configuration Information [Automatically generated, do not change]:
> Machine: i686
> OS: linux-gnu
> Compiler: gcc
> Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='i686'
> -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i686-pc-linux-gnu' -$
> uname output: Linux yutingkao23-desktop 2.6.32-38-generic #83-Ubuntu SMP
> Wed Jan 4 11:13:04 UTC 2012 i686 GNU/Linux
> Machine Type: i686-pc-linux-gnu
>
> Bash Version: 3.1
> Patch Level: 23
> Release Status: release
>
> Description:
>         Where I test `(for x in {1..200} ; do echo "for x$x in ; do :";
> done; for x in {1..200} ; do echo done ; done) | bas$
>         It shows
>                 bash: line 46: syntax error near unexpected token `;'
>                 bash: line 46: `for x46 in ; do :'
>                 CVE-2014-7187 vulnerable, word_lineno"
>
>         Does bash-3.1 with patch 23 fix the CVE-2014-7187 already ?
>
> Repeat-By:
>         Everytime
>
>


-- 
Vettel Kao

-- 
*CONFIDENTIALITY NOTICE :* Please be advised that this e-mail and any files 
transmitted therewith are privileged or confidential and are intended 
solely for the individual or entity to whom they are addressed. If you are 
not the intended recipient, please do not read, copy or retransmit this 
communication but destroy it immediately. Any unauthorized dissemination, 
distribution or copying of this communication is strictly prohibited.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]