bash vulnerability in Solaris 10

kmac, Sep 24 2014 (edited Oct 6 2014)

http://seclists.org/oss-sec/2014/q3/650

https://securityblog.redhat.com/2014/09/24/bash-specially-crafted-environment-variables-code-injection-attack/

Any plans for a hotfix for bash on Solaris 10?

$ env x='() { :;}; echo vulnerable' bash -c "echo this is a test"
vulnerable
this is a test

SunOS hostname 5.10 Generic_150401-13 i86pc i386 i86pc

$ bash -version
GNU bash, version 3.2.51(1)-release (i386-pc-solaris2.10)
Copyright (C) 2007 Free Software Foundation, Inc.

$ pkginfo -l SUNWbash
   PKGINST:  SUNWbash
      NAME:  GNU Bourne-Again shell (bash)
  CATEGORY:  system
      ARCH:  i386
   VERSION:  11.10.0,REV=2005.01.08.01.09
   BASEDIR:  /
    VENDOR:  Oracle Corporation
      DESC:  GNU Bourne-Again shell (bash) version 3.2
    PSTAMP:  sfw10-patch-x20120813130538
  INSTDATE:  Aug 19 2014 07:23
   HOTLINE:  Please contact your local service provider
    STATUS:  completely installed
     FILES:        4 installed pathnames
                   2 shared pathnames
                   2 directories
                   1 executables
                1250 blocks used (approx)

Post Details

Locked on Nov 3 2014
Added on Sep 24 2014
57 comments
58,835 views