[SATLUG] bash "word_lineno" vulnerability (CVE-2014-7187)

David Salisbury david.salisbury at momentumweb.com
Mon Oct 6 13:08:34 CDT 2014


 > Since bash-2.05b was released 17-Jul-2002, don't you think
 > it's time for an upgrade?  Why not just go to bash-4.3?

I knew somebody would say that. ;)  Certainly something I'm not opposed 
to, but the older box in question has lots of old scripts that most 
LIKELY wouldn't break with an upgrade, but I'd prefer not to introduce 
that variable at the moment.  Plus, since the bash maintainers are 
actively patching v2.05b (along with lots of other older versions), it 
should be working right??  I guess I'm just curious as to the structure 
of that one-line vulnerability test, and if anyone else has bumped into 
this issue too (with an older OR newer bash version)?
-David



More information about the SATLUG mailing list