[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bash-3.1, Shellshock issue, specially CVE-2014-7187.
|
From: |
Vettel_Kao高毓廷 |
|
Subject: |
Re: bash-3.1, Shellshock issue, specially CVE-2014-7187. |
|
Date: |
Mon, 17 Nov 2014 10:08:34 +0800 |
Thanks a lot. I got the 'command not found' with CVE-2014-7187 in patch
3.1.23. Most of blogs and websites are wrong.
2014-11-14 14:25 GMT+08:00 <yutingkao23@yutingkao23-desktop>:
> Configuration Information [Automatically generated, do not change]:
> Machine: i686
> OS: linux-gnu
> Compiler: gcc
> Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='i686'
> -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i686-pc-linux-gnu' -$
> uname output: Linux yutingkao23-desktop 2.6.32-38-generic #83-Ubuntu SMP
> Wed Jan 4 11:13:04 UTC 2012 i686 GNU/Linux
> Machine Type: i686-pc-linux-gnu
>
> Bash Version: 3.1
> Patch Level: 23
> Release Status: release
>
> Description:
> Where I test `(for x in {1..200} ; do echo "for x$x in ; do :";
> done; for x in {1..200} ; do echo done ; done) | bas$
> It shows
> bash: line 46: syntax error near unexpected token `;'
> bash: line 46: `for x46 in ; do :'
> CVE-2014-7187 vulnerable, word_lineno"
>
> Does bash-3.1 with patch 23 fix the CVE-2014-7187 already ?
>
> Repeat-By:
> Everytime
>
>
--
Vettel Kao
--
*CONFIDENTIALITY NOTICE :* Please be advised that this e-mail and any files
transmitted therewith are privileged or confidential and are intended
solely for the individual or entity to whom they are addressed. If you are
not the intended recipient, please do not read, copy or retransmit this
communication but destroy it immediately. Any unauthorized dissemination,
distribution or copying of this communication is strictly prohibited.