Mail Archives: cygwin/2014/09/26/16:06:34

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2014/09/26/16:06:34

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:message-id:date:from:mime-version:to:subject

:references:in-reply-to:content-type:content-transfer-encoding;

q=dns; s=default; b=oB9k0SofM//Imzt2p4h+tf14blzr4ldq4t6hGAVMyDj

MZxxhekFCmfpex4WPaTKG/41N6aeg308IyXFjsWCQEfKVNH4j9Gz+dFt+plii+7c

BEeab+HnREAuSlJqky1zoOaIGcA524qf7R0kGTuAFKJMRQiGp23z4v9+MjJc75YE

=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:message-id:date:from:mime-version:to:subject

:references:in-reply-to:content-type:content-transfer-encoding;

s=default; bh=umTzcpKu/Rq6CM2dn9Y9yCNbZbs=; b=TDtiRdYD6ElCKSSni

zFtJKvXBPJfTTizWNVdXsptrjarw1QutTH/xNzJDNyJ3/PlqyxIecysRSBfFDVXS

qwrc/d7+BjGzEY1YBRnOdrLtdLwFhujB2LqJ+teoEYQXc8L2LG8P1vRgWJBYTWGZ

efczfZ5avTH9yEbzXZXsyGk3Fs=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-2.2 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2

X-HELO: mail-lb0-f177.google.com

X-Received: by 10.152.8.168 with SMTP id s8mr812209laa.3.1411761974980; Fri, 26 Sep 2014 13:06:14 -0700 (PDT)

Message-ID: <5425C72E.5000707@gmail.com>

Date: Fri, 26 Sep 2014 22:06:06 +0200

From: Marco Atzeri <marco DOT atzeri AT gmail DOT com>

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2

MIME-Version: 1.0

To: cygwin AT cygwin DOT com

Subject: Re: cygwin bash and Shellshock / CVE-2014-6271 & CVE-2014-7169

References: <000001cfd9c0$c599c150$50cd43f0$@belarc.com>

In-Reply-To: <000001cfd9c0$c599c150$50cd43f0$@belarc.com>

X-IsSubscribed: yes


On 26/09/2014 21:33, Richard DeFuria wrote:
> Hello,
>
> I downloaded the latest setup and installed the latest packages on my Win8.1
> x64 box.
>
> It seems as though my cygwin bash shell has been patched against
> CVE-2014-6271 as per:
> 	$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
> 	bash: warning: x: ignoring function definition attempt
> 	bash: error importing function definition for `x'
> 	this is a test
>
> However, it is still susceptible to CVE-2014-7169 as per:
> 	$ env X='() { (a)=>\' sh -c "echo date"; cat echo
> 	sh: X: line 1: syntax error near unexpected token `='
> 	sh: X: line 1: `'
> 	sh: error importing function definition for `X'
> 	Fri, Sep 26, 2014  3:23:15 PM
>
> That is, the 'original' Shellshock vulnerability is fixed, but not the 'new'
> Shellshock vulnerability.
>
> Is this correct?

https://cygwin.com/ml/cygwin/2014-09/msg00400.html
`

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	q=dns; s=default; b=oB9k0SofM//Imzt2p4h+tf14blzr4ldq4t6hGAVMyDj
	MZxxhekFCmfpex4WPaTKG/41N6aeg308IyXFjsWCQEfKVNH4j9Gz+dFt+plii+7c
	BEeab+HnREAuSlJqky1zoOaIGcA524qf7R0kGTuAFKJMRQiGp23z4v9+MjJc75YE
	=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:message-id:date:from:mime-version:to:subject
	:references:in-reply-to:content-type:content-transfer-encoding;
	s=default; bh=umTzcpKu/Rq6CM2dn9Y9yCNbZbs=; b=TDtiRdYD6ElCKSSni
	zFtJKvXBPJfTTizWNVdXsptrjarw1QutTH/xNzJDNyJ3/PlqyxIecysRSBfFDVXS
	qwrc/d7+BjGzEY1YBRnOdrLtdLwFhujB2LqJ+teoEYQXc8L2LG8P1vRgWJBYTWGZ
	efczfZ5avTH9yEbzXZXsyGk3Fs=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-2.2 required=5.0 tests=AWL,BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS autolearn=ham version=3.3.2
X-HELO:	mail-lb0-f177.google.com
X-Received:	by 10.152.8.168 with SMTP id s8mr812209laa.3.1411761974980; Fri, 26 Sep 2014 13:06:14 -0700 (PDT)
Message-ID:	<5425C72E.5000707@gmail.com>
Date:	Fri, 26 Sep 2014 22:06:06 +0200
From:	Marco Atzeri <marco DOT atzeri AT gmail DOT com>
User-Agent:	Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.1.2
MIME-Version:	1.0
To:	cygwin AT cygwin DOT com
Subject:	Re: cygwin bash and Shellshock / CVE-2014-6271 & CVE-2014-7169
References:	<000001cfd9c0$c599c150$50cd43f0$@belarc.com>
In-Reply-To:	<000001cfd9c0$c599c150$50cd43f0$@belarc.com>
X-IsSubscribed:	yes