[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)

To: fulldisclosure@xxxxxxxxxxxx
Subject: Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
From: Michael Bazzinotti <mbazzinotti@xxxxxxxxx>
Date: Sat, 4 Oct 2014 03:48:52 -0400

In reference to Michal Zalewski's detailed post:
>Perhaps notably, the ability to specify attacker-controlled addresses
>hinges on the state of --enable-bash-malloc and --enable-mem-scramble

The correct ./configure argument for bash-malloc is --with-bash-malloc.
Just wanted to note that out. I learned this from going to compile bash
myself with these flags just now. :)

>compile-time flags; if both are enabled, the memory returned by
>xmalloc() will be initialized to 0xdf, making the prospect of
>exploitation more speculative (essentially depending on whether the
>stack or any other memory region can be grown to overlap with
>0xdfdfdfdf)

Cheers,
-- 
*****************************
Michael Bazzinotti
University of Massachusetts Boston
bazz@xxxxxxxxxx
http://www.bazz1.com

_______________________________________________
Sent through the Full Disclosure mailing list
http://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] CVE-2014-4313 Epicor Procurement SQL Injection
Next by Date: [FD] Paypal Inc Bug Bounty #30 - Filter Bypass & Persistent Vulnerabilities
Previous by thread: Re: [FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
Next by thread: [FD] CVE-2014-5308 - Multiple SQL Injection Vulnerabilities in TestLink
Index(es):
- Date
- Thread