Date: Sun, 28 Sep 2014 06:35:41 -0600
From: Eric Blake <eblake@...hat.com>
To: Hanno Böck <hanno@...eck.de>,
        Chet Ramey <chet.ramey@...e.edu>
CC: Tavis Ormandy <taviso@...xchg8b.com>, Florian Weimer <fw@...eb.enyo.de>,
        Michal Zalewski <lcamtuf@...edump.cx>,
        Solar Designer <solar@...nwall.com>, oss-security@...ts.openwall.com
Subject: Re: CVE-2014-6271: remote code execution through bash

On 09/27/2014 11:22 PM, Hanno Böck wrote:
> On Sat, 27 Sep 2014 21:39:19 -0400
> Chet Ramey <chet.ramey@...e.edu> wrote:
> 
>> OK, here are the more-or-less final versions of the patches for
>> bash-2.05b through bash-4.3.  I made two changes from earlier today:
>> the function export suffix is now `%%', which is not part of the
>> set of valid variable name characters but avoids any potential
>> problems with including shell metacharacters in the name; and this
>> version refuses to import shell functions whose name contains a
>> slash, for reasons I discussed earlier.
> 
> From what I can see your official patches still don't contain the
> out-of-bound memory fixes.

Correct, because those patches aren't official yet.  But at the same
time, the out-of-bounds bugs can no longer be used as a remote exploit
vehicle, because the official patch 4.3.27 (and friends) guarantee that
arbitrary values no longer call into the parser.

> 
> While not exposing the parser to random variables should shield that
> somewhat and reduce impact, they still should be fixed and the redhat
> patch looks pretty straightforward.

I'm sure Chet has plans to post more official patches in the coming week.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
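The exchange above turns on two properties of the patched bash: exported functions now travel in environment entries with the `%%` suffix (the `BASH_FUNC_` prefix that bash 4.3.27 pairs with it is an assumption from the released patch, not something stated in this thread), and an arbitrary variable whose value merely looks like a function body is no longer handed to the parser, nor is a function whose name contains a slash. The script below is an added example, not code from anyone in this thread or from the bash project; it runs the bash found on the host and reports how that bash actually behaves on each of those points. The function name `probe_fn`, the variable name `probe` and the slash-bearing name `a/b` are constructed for the check.

```sh
#!/bin/sh
# Added example: inspect how the bash on this host exports and imports
# functions through the environment.  All names below are constructed.

# Environment entry name bash uses for an exported function.  A bash
# carrying the patch discussed above prints BASH_FUNC_probe_fn%%;
# an unpatched one prints the bare name probe_fn.
function_export_name() {
    bash -c 'probe_fn() { :; }; export -f probe_fn; env' \
        | sed -n 's/^\([^=]*probe_fn[^=]*\)=() {.*/\1/p' | head -n 1
}

# Prints "yes" if a child bash turns the given environment entry
# (NAME=VALUE) into a shell function called "probe", "no" otherwise.
imports_function_from() {
    out=$(env "$1" bash -c 'type -t probe 2>/dev/null' || true)
    [ "$out" = "function" ] && echo yes || echo no
}

# Patched export format: prefix, name, %% suffix, body starting "() {".
# Expected on a patched bash: yes (this is the supported import path).
imports_patched_format() {
    imports_function_from 'BASH_FUNC_probe%%=() { echo imported; }'
}

# Pre-patch format: any variable whose value starts with "() {".
# Expected on a patched bash: no (the value is just a string now).
imports_legacy_format() {
    imports_function_from 'probe=() { echo imported; }'
}

# A function name containing a slash is refused even in the new format.
# Expected on a patched bash: no.
imports_slash_name() {
    out=$(env 'BASH_FUNC_a/b%%=() { :; }' bash -c 'declare -F' 2>/dev/null || true)
    case "$out" in *a/b*) echo yes ;; *) echo no ;; esac
}

# Human-readable report when run directly.
echo "export entry name:             $(function_export_name)"
echo "imports BASH_FUNC_*%% entries:  $(imports_patched_format)"
echo "imports bare '() {' values:    $(imports_legacy_format)"
echo "imports slash-named function:  $(imports_slash_name)"
```

Run it as `sh check-bash-import.sh` (any file name) on a host after updating bash; the first line should end in `%%` and the last two should both read `no`. The script never evaluates anything beyond `type -t` and `declare -F` in the child shell, so it only observes whether an import happened.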