Ubuntu 14.10 bash is still vulnerable to CVE-2014-6277 and CVE-2014-7186.

Bug #1378114 reported by bugproxy
This bug affects 3 people
Affects: bash (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

---Problem Description---
Ubuntu 14.10 bash still vulnerable to CVE-2014-6277 and CVE-2014-7186.

---uname output---
manu@ubuntu:~$ uname -a
Linux ubuntu 3.16.0-20-generic #27-Ubuntu SMP Wed Oct 1 17:24:38 UTC 2014 ppc64le ppc64le ppc64le GNU/Linux

Machine Type = 8284-22A

---Steps to Reproduce---
Ubuntu 14.10 bash still vulnerable to CVE-2014-6277 and CVE-2014-7186.

1. Install the Oct 5 ppc64le Ubuntu 14.10 ISO image.

2. Upgrade to the latest bash.
manu@ubuntu:~$ sudo apt-get update; apt-get install --only-upgrade bash

manu@ubuntu:~$ bash --version
GNU bash, version 4.3.27(1)-release (powerpc64le-unknown-linux-gnu)
Copyright (C) 2013 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>

This is free software; you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

3. Run the shellshocker.net tests to see if bash is still vulnerable.

manu@ubuntu:~$ curl https://shellshocker.net/shellshock_test.sh | bash
  % Total % Received % Xferd Average Speed Time Time Time Current
                                 Dload Upload Total Spent Left Speed
100 2533 100 2533 0 0 3675 0 --:--:-- --:--:-- --:--:-- 3671
CVE-2014-6271 (original shellshock): not vulnerable
bash: line 16: 14233 Segmentation fault bash -c "f() { x() { _;}; x() { _;} <<a; }" 2> /dev/null
CVE-2014-6277 (segfault): VULNERABLE
CVE-2014-6278 (Florian's patch): not vulnerable
CVE-2014-7169 (taviso bug): not vulnerable
bash: line 49: 14250 Segmentation fault bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' 2> /dev/null
CVE-2014-7186 (redir_stack bug): VULNERABLE
CVE-2014-7187 (nested loops off by one): not vulnerable
CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable

Based on the test suite results, CVE-2014-6277 and CVE-2014-7186 are still vulnerable on Ubuntu 14.10.

Other similar tests in these areas which still fail:

1. manu@ubuntu:~$ bash -c "f(){ x(){ _;};x(){ _;}<<a;}"
Segmentation fault

2. manu@ubuntu:/tmp$ bash -c ':<<a<<b<<c<<d<<e<<f<<g<<h<<i<<j<<k<<l<<m<<n'
Segmentation fault

3. manu@ubuntu:/tmp$ bash -c 'true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF' || echo "CVE-2014-7186 vulnerable, redir_stack"
Segmentation fault
CVE-2014-7186 vulnerable, redir_stack

4. manu@ubuntu:~$ bash -c "f() { x() { _;}; x() { _;} <<a; }" 2>/dev/null || echo vulnerable
Segmentation fault
vulnerable
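
An added example, not part of the original report or of the shellshocker.net script: a small checker that re-runs the two crashing probes quoted above against a chosen bash binary and separates death by signal (exit status above 128, 139 for SIGSEGV) from an ordinary non-zero exit. The BASH_UNDER_TEST variable and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example: re-run the report's two crashing probes against one bash binary
# and classify the outcome by exit status instead of "any non-zero exit".

# Probe strings copied from the test output in the report.
PROBE_6277='f() { x() { _;}; x() { _;} <<a; }'
PROBE_7186='true <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF <<EOF'

# classify_status STATUS -> prints clean | crashed:<signal> | error:<status>
# A status above 128 means the child was killed by signal (status - 128).
classify_status() {
    if [ "$1" -eq 0 ]; then
        echo clean
    elif [ "$1" -gt 128 ]; then
        echo "crashed:$(( $1 - 128 ))"
    else
        echo "error:$1"
    fi
}

# probe BINARY SCRIPT -> run SCRIPT with "BINARY -c" and print its classification.
# stdin is /dev/null so an unterminated here-document can never wait for input.
probe() {
    status=0
    "$1" -c "$2" </dev/null >/dev/null 2>&1 || status=$?
    classify_status "$status"
}

# check_bash BINARY -> one result line per CVE; returns 1 if any probe crashed.
check_bash() {
    rc=0
    for pair in "CVE-2014-6277:$PROBE_6277" "CVE-2014-7186:$PROBE_7186"; do
        cve=${pair%%:*}
        result=$(probe "$1" "${pair#*:}")
        echo "$cve: $result"
        case $result in crashed:*) rc=1 ;; esac
    done
    return "$rc"
}

# BASH_UNDER_TEST is a hypothetical override; default is the bash found on PATH.
check_bash "${BASH_UNDER_TEST:-bash}" || echo "at least one probe crashed the shell"
```

A result of `crashed:11` corresponds to the "Segmentation fault" lines in the report; `error:127` means the binary named in BASH_UNDER_TEST was not found.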


bugproxy (bugproxy)
tags: added: architecture-ppc64le bugnameltc-117187 severity-high targetmilestone-inin---
Luciano Chavez (lnx1138)
affects: ubuntu → bash (Ubuntu)
Changed in bash (Ubuntu):
status: New → Confirmed
bugproxy (bugproxy)
tags: added: targetmilestone-inin1410
removed: targetmilestone-inin---
bugproxy (bugproxy) wrote : Comment bridged from LTC Bugzilla

------- Comment From <email address hidden> 2014-10-16 16:19 EDT-------
Verified the Bug. The issues are fixed.

Marc Deslauriers (mdeslaur) wrote :

This was fixed long ago. Closing.

Changed in bash (Ubuntu):
status: Confirmed → Fix Released