bash crashed with SIGSEGV in strlen()
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bash (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Tried to run vulnerability tester for ShellShock:
curl https:/
ProblemType: Crash
DistroRelease: Ubuntu 14.10
Package: bash 4.3-10ubuntu1
ProcVersionSign
Uname: Linux 3.16.0-20-generic x86_64
ApportVersion: 2.14.7-0ubuntu3
Architecture: amd64
Date: Mon Oct 6 15:20:52 2014
ExecutablePath: /bin/bash
InstallationDate: Installed on 2014-10-03 (3 days ago)
InstallationMedia: Xubuntu 14.10 "Utopic Unicorn" - Alpha amd64 (20140923)
ProcCmdline: bash -c f()\ {\ x()\ {\ _;};\ x()\ {\ _;}\ <<a;\ }
ProcEnviron:
TERM=xterm
SHELL=/bin/bash
PATH=(custom, no user)
LANG=en_US.UTF-8
SegvAnalysis:
Segfault happened at: 0x7fa67ca5c564 <strlen+148>: pcmpeqb (%rax),%xmm8
PC (0x7fa67ca5c564) ok
source "(%rax)" (0xdfdfdfdfdfdf
destination "%xmm8" ok
SegvReason: reading unknown VMA
Signal: 11
SourcePackage: bash
StacktraceTop:
strlen () at ../sysdeps/
copy_redirect ()
copy_redirects ()
copy_command ()
copy_function_
Title: bash crashed with SIGSEGV in strlen()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
CVE References
tags: | removed: need-amd64-retrace |
With the prefix+suffix patches, this can no longer be exploited across privilege boundaries; we'll likely include these fixes at some point in the future but don't consider them a pressing issue any longer. For more details please see our CVE tracker: http:// people. canonical. com/~ubuntu- security/ cve/2014/ CVE-2014- 6277.html
Thanks