
touch-packages team mailing list archive

[Bug 1378071] Re: bash crashed with SIGSEGV in strlen()

 

With the prefix+suffix patches, this can no longer be exploited across
privilege boundaries; we'll likely include these fixes at some point in
the future but don't consider them a pressing issue any longer. For more
details please see our CVE tracker:
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-6277.html

Thanks

** Information type changed from Private Security to Public Security

** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2014-6277

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1378071

Title:
  bash crashed with SIGSEGV in strlen()

Status in “bash” package in Ubuntu:
  New

Bug description:
  Tried to run vulnerability tester for ShellShock:

      curl https://shellshocker.net/shellshock_test.sh | bash

  ProblemType: Crash
  DistroRelease: Ubuntu 14.10
  Package: bash 4.3-10ubuntu1
  ProcVersionSignature: Ubuntu 3.16.0-20.27-generic 3.16.3
  Uname: Linux 3.16.0-20-generic x86_64
  ApportVersion: 2.14.7-0ubuntu3
  Architecture: amd64
  Date: Mon Oct  6 15:20:52 2014
  ExecutablePath: /bin/bash
  InstallationDate: Installed on 2014-10-03 (3 days ago)
  InstallationMedia: Xubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140923)
  ProcCmdline: bash -c f()\ {\ x()\ {\ _;};\ x()\ {\ _;}\ <<a;\ }
  ProcEnviron:
   TERM=xterm
   SHELL=/bin/bash
   PATH=(custom, no user)
   LANG=en_US.UTF-8
  SegvAnalysis:
   Segfault happened at: 0x7fa67ca5c564 <strlen+148>:	pcmpeqb (%rax),%xmm8
   PC (0x7fa67ca5c564) ok
   source "(%rax)" (0xdfdfdfdfdfdfdfc0) not located in a known VMA region (needed readable region)!
   destination "%xmm8" ok
  SegvReason: reading unknown VMA
  Signal: 11
  SourcePackage: bash
  StacktraceTop:
   strlen () at ../sysdeps/x86_64/strlen.S:137
   copy_redirect ()
   copy_redirects ()
   copy_command ()
   copy_function_def_contents ()
  Title: bash crashed with SIGSEGV in strlen()
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups:
