Infrastructure Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

bash vulnerability in Solaris 10

kmacSep 24 2014 — edited Oct 6 2014

http://seclists.org/oss-sec/2014/q3/650

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

Any plans for a hotfix for bash on Solaris 10?

$env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

vulnerable

this is a test

SunOS hostname 5.10 Generic_150401-13 i86pc i386 i86pc

$bash -version

GNU bash, version 3.2.51(1)-release (i386-pc-solaris2.10)

$pkginfo -l SUNWbash

PKGINST: SUNWbash

NAME: GNU Bourne-Again shell (bash)

CATEGORY: system

ARCH: i386

VERSION: 11.10.0,REV=2005.01.08.01.09

BASEDIR: /

VENDOR: Oracle Corporation

DESC: GNU Bourne-Again shell (bash) version 3.2

PSTAMP: sfw10-patch-x20120813130538

INSTDATE: Aug 19 2014 07:23

HOTLINE: Please contact your local service provider

STATUS: completely installed

FILES: 4 installed pathnames

2 shared pathnames

2 directories

1 executables

1250 blocks used (approx)

Locked Post

New comments cannot be posted to this locked post.

Locked on Nov 3 2014

Added on Sep 24 2014

#oracle-solaris, #solaris-10

57 comments

58,950 views