Skip to Main Content
Forums

Infrastructure Software

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

bash vulnerability in Solaris 10

kmacSep 24 2014 — edited Oct 6 2014

http://seclists.org/oss-sec/2014/q3/650

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

Any plans for a hotfix for bash on Solaris 10?

$env x='() { :;}; echo vulnerable' bash -c "echo this is a test"

vulnerable

this is a test

SunOS hostname 5.10 Generic_150401-13 i86pc i386 i86pc

$bash -version

GNU bash, version 3.2.51(1)-release (i386-pc-solaris2.10)

Copyright (C) 2007 Free Software Foundation, Inc.

$pkginfo -l SUNWbash

   PKGINST:  SUNWbash

      NAME:  GNU Bourne-Again shell (bash)

  CATEGORY:  system

      ARCH:  i386

   VERSION:  11.10.0,REV=2005.01.08.01.09

   BASEDIR:  /

    VENDOR:  Oracle Corporation

      DESC:  GNU Bourne-Again shell (bash) version 3.2

    PSTAMP:  sfw10-patch-x20120813130538

  INSTDATE:  Aug 19 2014 07:23

   HOTLINE:  Please contact your local service provider

    STATUS:  completely installed

     FILES:        4 installed pathnames

                   2 shared pathnames

                   2 directories

                   1 executables

                1250 blocks used (approx)

Comments

807578
SS12 should work just fine on later releases of Solaris 10 updates.
807578
To extend Chris' answer: it is generally a good idea to apply latest patches to Sun Studio especially when upgrading OS. The list of patches for Sun Studio 12 will be available at
http://developers.sun.com/sunstudio/downloads/patches/index.jsp
807578
Solaris 10 3/05 was released before Solaris 10 1/06. So, I assume Solaris 10 3/05 is not supported but Solaris 10 1/06 and later are supported. Is that incorrect?
807578
I'm not really sure about the numbers. Solaris 10 is supported, but I believe you have to have certain patches installed.

Please refer to release notes for more info:
http://developers.sun.com/sunstudio/documentation/ss12/release_notes.html#Patches
807578
I have done a poor job of explaining. The Sun Studio 12 Release Notes do specify Solaris 10 1/06. Read them. Why would Sun specify that release unless Solaris 10 3/05 was not supported? See http://developers.sun.com/sunstudio/support/support_matrix.jsp and http://developers.sun.com/sunstudio/documentation/ss12/release_notes.html#SystemReqs

Sun has gone to the trouble to list Solaris OS 9 and 10 1/06. It is not a matter of applying patches to become 10 1/06 from 3/05. It requires an upgrade.
807578
It is not a matter of applying patches to become 10 1/06 from 3/05. It requires an upgrade.
Then I guess I was wrong and Studio 12 is not supported on 10 1/06. It doesn't mean that it won't work though.
1 - 6
Locked Post
New comments cannot be posted to this locked post.

Post Details

Locked on Nov 3 2014
Added on Sep 24 2014
#oracle-solaris, #solaris-10
57 comments
58,807 views