Bash still vulnerable (4.2+dfsg-0.1+deb7u1)

To: "'debian-security@lists.debian.org'" <debian-security@lists.debian.org>
Subject: Bash still vulnerable (4.2+dfsg-0.1+deb7u1)
From: Denny Bortfeldt <d.bortfeldt@babiel.com>
Date: Thu, 25 Sep 2014 17:35:54 +0000
Message-id: <[🔎] 6FF2272C0D238A4BBD06E589AB8352C60BD61DB5@s015011.office.babiel.com>

Hey guys,

according to a twitter post (https://twitter.com/taviso/status/514887394294652929) , the patch which came out last night is still vulnerable:

this part was fixed by 4.2+dfsg-0.1+deb7u1:
denny@bortfeldt.net:~$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
bash: warning: x: ignoring function definition attempt
bash: error importing function definition for `x'
this is a test

but this is still useable:
denny@dbortfeldt:~$ env X='() { (a)=>\' bash -c "echo echo vuln"; [[ "$(cat echo)" == "vuln" ]] && echo "still vulnerable :("
bash: X: Zeile 1: Syntaxfehler beim unerwarteten Wort »=«
bash: X: Zeile 1: `'
bash: Fehler beim Importieren der Funktionsdefinition für »X«.
still vulnerable :(


Is it possible to fix also the 2nd part so that bash is really not vulnerable at all? I saw that Gentoo patched the bash also twice.

Thanks in advance.

Sincerely,
Denny

Reply to:

Follow-Ups:
- Re: Bash still vulnerable (4.2+dfsg-0.1+deb7u1)
  - From: "Thijs Kinkhorst" <thijs@debian.org>

Prev by Date: Re: [SECURITY] [DSA 3032-1] bash security update
Next by Date: Re: Bash still vulnerable (4.2+dfsg-0.1+deb7u1)
Previous by thread: Re: [SECURITY] [DSA 3032-1] bash security update
Next by thread: Re: Bash still vulnerable (4.2+dfsg-0.1+deb7u1)
Index(es):
- Date
- Thread