Shellshock problem is actually in C library? [Re: SF-LUG - Meeting of Sunday October 5, 2014]
Michael Paoli
Michael.Paoli at cal.berkeley.edu
Mon Oct 6 21:17:47 PDT 2014
Shellshock problem is actually in C library?
Hmmmm, I'd not heard/read that (but haven't been following it super closely).
If so, depending what C library and how widely used that could be even
more scary.
Teensy bit of search, and I did find:
https://github.com/ido/macosx-bash-92-shellshock-patched/blob/master/bash-3.2/lib/sh/getcwd.c
But nothing more generally definitive. I did read somewhere, that after
the shellshock revelation, many folks looked more closely and carefully
at bash, and discovered numerous other vulnerabilities (and at least last
I read/heard, many of them haven't been publicly disclosed ... yet). I
seem to recall seeing/reading a list of CVEs, or the like, some of which
didn't yet have descriptions, etc. - on embargo yet pending public
disclosure (probably when patches will also mostly be announced and
released).
> From: "Bobbie Sellers" <bliss-sf4ever at dslextreme.com>
> Subject: SF-LUG - Meeting of Sunday October 5, 2014
> Date: Sun, 05 Oct 2014 15:15:53 -0700
> Klaus Knopper put out 2 new versions of Knoppix over the last week
> or so. He was trying to stay ahead of the "Shellshock" problem
> which Ken says is actually in C library.