CVE-2014-7186 Vulnerability?



  • Everywhere I've read online says that because pfSense doesn't run bash it's not susceptible to some of the shellshock exploits recently.  However, I do believe that packages somehow might include bash and cause pfSense to be vulnerable:

    You can see the basic that we should expect:

    [2.1.5-RELEASE][user@pfsense]/root(22): bash
    bash: Command not found.
    
    

    However, if you include the out-of-bounds exploit you can see the overflow still runs… even though the bash command isn't found:

    [2.1.5-RELEASE][user@pfsense]/root(26): bash -c 'true <<eof <<eof="" <<eof'="" ||="" echo="" "i="" am="" vulnerable"<br="">bash: Command not found.
    I am vulnerable</eof>
    

    Am I wrong?


  • LAYER 8 Netgate

    Yes, you're wrong.

    You're entering the equivalent of false || echo 'I am vulnerable' which will always print the text.  As will jashkjaskasdkjahsd || echo 'I am vulnerable'

    
    [2.2-RC][root@pfSenseA]/root: jashkjaskasdkjahsd || echo 'I am vulnerable'
    jashkjaskasdkjahsd: Command not found.
    I am vulnerable
    [2.2-RC][root@pfSenseA]/root:
    
    


  • Yep, you're right.  Thanks for pointing that out.


Log in to reply