← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #24055

[Bug 1378114] Re: Ubuntu 14.10 bash is still vulnerable to CVE-2014-6277 and CVE-2014-7186.

  Thread PreviousDate PreviousThread Next 
** Package changed: ubuntu => bash (Ubuntu)

** Changed in: bash (Ubuntu)
       Status: New => Confirmed

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-6277

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-7186

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to bash in Ubuntu.
https://bugs.launchpad.net/bugs/1378114

Title:
  Ubuntu 14.10 bash is still vulnerable to CVE-2014-6277 and
  CVE-2014-7186.

Status in “bash” package in Ubuntu:
  Confirmed

Bug description:
  ---Problem Description---
  Ubuntu 14.10 bash still vulnerable to CVE-2014-6277 and CVE-2014-7186.
    
  ---uname output---
  manu@ubuntu:~$ uname -a Linux ubuntu 3.16.0-20-generic #27-Ubuntu SMP Wed Oct 1 17:24:38 UTC 2014 ppc64le ppc64le ppc64le GNU/Linux
   
  Machine Type = 8284-22A 
    
  ---Steps to Reproduce---
  Ubuntu 14.10 bash still vulnerable to CVE-2014-6277 and CVE-2014-7186.

  1. install Oct 5 ppc64le ubuntu 14.10 ISO image.

  2. upgrade to latest bash.
  manu@ubuntu:~$  sudo apt-get update; apt-get install --only-upgrade bash

  manu@ubuntu:~$ bash --version
  GNU bash, version 4.3.27(1)-release (powerpc64le-unknown-linux-gnu)
  Copyright (C) 2013 Free Software Foundation, Inc.
  License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

  This is free software; you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.


  
  3. run the shellshocker.net tests to see if the bash is still vulnerable.

  manu@ubuntu:~$ curl https://shellshocker.net/shellshock_test.sh | bash
    % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                   Dload  Upload   Total   Spent    Left  Speed
  100  2533  100  2533    0     0   3675      0 --:--:-- --:--:-- --:--:--  3671
  CVE-2014-6271 (original shellshock): not vulnerable
  bash: line 16: 14233 Segmentation fault      bash -c "f() { x() { _;}; x() { _;} <<a; }" 2> /dev/null
  CVE-2014-6277 (segfault): VULNERABLE
  CVE-2014-6278 (Florian's patch): not vulnerable
  CVE-2014-7169 (taviso bug): not vulnerable
  bash: line 49: 14250 Segmentation fault      bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2> /dev/null
  CVE-2014-7186 (redir_stack bug): VULNERABLE
  CVE-2014-7187 (nested loops off by one): not vulnerable
  CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable

  based on the test suite results, CVE-2014-6277 and CVE-2014-7186 are
  still vulnerable on Ubuntu 14.10.

  Other similar tests in these areas which still fails:

  1. manu@ubuntu:~$ bash -c "f(){ x(){ _;};x(){ _;}<<a;}"
  Segmentation fault

  2. manu@ubuntu:/tmp$ bash -c ':<<a<<b<<c<<d<<e<<f<<g<<h<<i<<j<<k<<l<<m<<n'
  Segmentation fault

  
  3. manu@ubuntu:/tmp$ bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"
  Segmentation fault
  CVE-2014-7186 vulnerable, redir_stack

  4. manu@ubuntu:~$ bash -c "f() { x() { _;}; x() { _;} <<a; }" 2>/dev/null || echo vulnerable
  Segmentation fault
  vulnerable

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1378114/+subscriptions
  Thread PreviousDate PreviousThread Next