CVE-2014-7186 is still vulnerable #20
Comments
|
Why should you want to install a manually compiled version on Ubuntu 14.04? There is security support and Bash is up to date, so See also |
|
@zeros1122 the fixbash script simply downloads all the patches available on the official gnu site, if it's still vulnerable there isn't a patch for that. can you provide the "./shellshock_test.sh" download link? |
|
@zeros1122, there have been a couple more patches released since your original post. Can you re-try the fixbash script and report back the results of your vulnerability tests? |
|
@TheZ3ro: |
env: Ubuntu 14.04 LTE
I tried the command
curl https://shellshocker.net/fixbash | sh
and finished the patch. But using a known test script it still showed CVE-2014-7186 was not fixed yet.
shanfu@shanfu-ubuntu:~/code$ ./shellshock_test.sh
Evaluating /bin/bash...
Running tests...
Tests completed. Determining results...
CVE-2014-6172: not vulnerable
CVE-2014-7169: not vulnerable
CVE-2014-7186: VULNERABLE
CVE-2014-7187: not vulnerable
This shell should be immune to shellshock attack via any other parser bugs
Overall status: VULNERABLE
The text was updated successfully, but these errors were encountered: