iida's diary: bash43-028
Patch level 28 of GNU Bash 4.3 has been released. It appears to fix the flaws CVE-2014-7186 and CVE-2014-7187.
CVE-2014-7186 appears to be this: running
bash -c ':<<a<<b<<c<<d<<e<<f<<g<<h<<i<<j<<k<<l<<m<<n'
should print either nothing or the following
bash: warning: here-document at line 0 delimited by end-of-file (wanted `a')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `b')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `c')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `d')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `e')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `f')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `g')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `h')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `i')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `j')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `k')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `l')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `m')
but instead it dumps core, or prints something like
bash: warning: here-document at line 0 delimited by end-of-file (wanted `l<<m')
(when this happens, it is accessing an array out of bounds), or so it seems.
CVE-2014-7187 appears to be that 200 nested empty for loops cause abnormal termination. It can be checked with the following:
(for x in {1..200}; do echo "for x$x in ; do :";done;for x in {1..200}; do
echo done;done)|bash||echo CVE-2014-7187 vulnerable
- - - - -
(PS 2014-10-03: changed the title to something plainer)
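The two checks from the entry above, combined into one script that classifies the result for a given bash binary. This is an added example, not part of the original diary entry; the function names classify_7186, nested_for_script and check_bash are hypothetical, and it assumes a crash shows up as an exit status above 128.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the diary.

# classify_7186 STATUS STDERR: interpret one run of the here-document check.
#   crash     - status above 128, i.e. the shell died on a signal (core dump)
#   misparsed - a warning names a delimiter that still contains "<<"
#               (the `l<<m' symptom quoted in the entry)
#   ok        - neither symptom
classify_7186() {
    if [ "$1" -gt 128 ]; then echo crash; return 0; fi
    if printf '%s\n' "$2" | grep -q "wanted \`[^']*<<"; then
        echo misparsed
    else
        echo ok
    fi
}

# nested_for_script DEPTH: emit DEPTH nested empty for loops, the same input
# the entry builds with {1..200}, written without brace expansion.
nested_for_script() {
    i=1
    while [ "$i" -le "$1" ]; do echo "for x$i in ; do :"; i=$((i + 1)); done
    i=1
    while [ "$i" -le "$1" ]; do echo done; i=$((i + 1)); done
}

# check_bash BIN: run both checks against BIN and print one line per CVE.
check_bash() {
    err=$("$1" -c ':<<a<<b<<c<<d<<e<<f<<g<<h<<i<<j<<k<<l<<m<<n' 2>&1 >/dev/null) \
        && st=0 || st=$?
    echo "CVE-2014-7186: $(classify_7186 "$st" "$err")"
    # As in the entry, a non-zero exit from the nested loops means vulnerable.
    if nested_for_script 200 | "$1" >/dev/null 2>&1; then
        echo "CVE-2014-7187: ok"
    else
        echo "CVE-2014-7187: vulnerable"
    fi
}

# Usage: sh thisfile.sh /path/to/bash
if [ "$#" -gt 0 ]; then check_bash "$1"; fi
```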
On 4.2.50(2) (Score: 2)
bash: warning: here-document at line 0 delimited by end-of-file (wanted `a')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `b')
…
bash: warning: here-document at line 0 delimited by end-of-file (wanted `j')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `k')
bash: warning: here-document at line 0 delimited by end-of-file (wanted `l<<m') ← only this one is odd
bash: warning: here-document at line 0 delimited by end-of-file (wanted `n')
$ (for x in {1..200}; do echo "for x$x in ; do :";done;for x in {1..200}; do echo done;done)|bash||echo CVE-2014-7187 vulnerable
$ ← nothing is printed, so it's OK
Re: On 4.2.50(2) (Score: 1)
iida
Re: On 4.2.50(2) (Score: 1)
Bash-4.1 Official Patch 15, Bash-4.0 Official Patch 42, Bash-3.2 Official Patch 55, Bash-3.1 Official Patch 21, Bash-3.0 Official Patch 20, and [REISSUE] Bash-2.05b Official Patch 11
seem to be the same as well.
iida