Date: Sun, 5 Oct 2014 00:33:40 -0700 From: Michal Zalewski <lcamtuf@...edump.cx> To: oss-security <oss-security@...ts.openwall.com> Subject: Re: Shellshocker - Repository of "Shellshock" Proof of Concept Code > < https://github.com/mubix/shellshocker-pocs > I mentioned this earlier on another thread, but I would really warn people about relying on this unless they really understand what's going on. At a quick glance, CVE-2014-6271 and CVE-2014-7169 test cases will stop working with Florian's patch (probably fine, since even if you don't have patches for these bugs, you're at almost no risk). At the same time, the test case for CVE-2014-7186 will claim that you're vulnerable even with Florian's patch. Next, the test case for and CVE-2014-7187 will probably always claim that you're vulnerable, even if you have the patch installed (haven't tested, but looks that way). And finally, the test cases for CVE-2014-6277 and CVE-2014-6278 are incomplete and won't work if pasted as-is - you'll just get a syntax error. /mz
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ