Re: CVE-2014-6277, CVE-2014-6278
On Mon, 29 Sep 2014, john wrote:
> So I am confused. I think what I am reading here is that if you applied
> the latest patches to bash  you are not vulnerable to CVE-2014-6277.
> CVE-2014-6278. Running the test outlined on Icamtuf.blogspot.co.nz 
> seemed to confirm that.
AFAIK, we are still vulnerable to CVE-2014-6277 and CVE-2014-6278, but not
through any interesting attack vectors: Debian included the RedHat change
that moves the functions to the BASH_FUNC_<name>() namespace in the DSA-3035
However, should someone find a way to inject BASH_FUNC_foo()='<whatever
triggers these undisclosed bugs>' into the environment, the attack is going
to succeed. To twart that, we have to wait until the embargo is lifted and
the real fix for CVE-2014-6277 and CVE-2014-6278 gets uploaded/published.
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot