
oss-sec mailing list archives
RE: more bash parser bugs (CVE-2014-6277, CVE-2014-6278)
From: Sona Sarmadi <sona.sarmadi () enea com>
Date: Thu, 2 Oct 2014 06:48:54 +0000
> On 10/1/14, 5:04 PM, Shawn wrote:
> > http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-028
>
> Nope, this one fixes 7168/7169. It's the equivalent of the `parser-oob' patch.
Chet, is 7168 a new vulnerability, or is it a typo and should be CVE-2014-7186? Doesn't bash43-026 fix CVE-2014-7169?

Is this summary correct?

1) CVE-2014-6271 (Initial vulnerability, Bash Code Injection Vulnerability via Specially Crafted Environment Variables): GNU fix bash43-025 & bash32-052
2) CVE-2014-7169 (Further parser error, this was assigned to cover incomplete fix for CVE-2014-6271): GNU fix bash43-026 & bash32-053
3) CVE-2014-6277 (this is the hardening patch which adds function name mangling, it makes exploitation over the network impossible): Florian's patch / GNU fix bash43-027 & bash32-054
4) CVE-2014-6278 (bash: code execution via specially crafted environment): Florian's patch / GNU fix bash43-027 & bash32-054
5) CVE-2014-7186 (Out of bound memory read error in redir_stack): GNU fix bash43-028 ??
6) CVE-2014-7187 (Off-by-one error in nested loops): No upstream patch available yet ?

Thanks
-- Sona