shellshock Security Vulnerability [answered]

asked 2016-10-06 00:49:54 +0300

DarkTuring gravatar image

updated 2016-10-06 22:50:13 +0300

this is an android security vulnerability, could that impact safe operation of sailfish and the aliendalvic running Android 4.4?

I am running sailfish 2.0.3.14.

image description

command you can try directly

Echo Back Received

Based on terminal entry using SU access it is vulnerable.

edit retag flag offensive reopen delete

The question has been closed for the following reason "the question is answered, an answer was accepted" by ced117
close date 2016-10-07 00:32:46.362050

Comments

1

this was supposed to be fixed a long time ago! see here. can anybody confirm? regression?

misc11 ( 2016-10-06 04:28:54 +0300 )edit

according to previous blogs this should have been fixed and what i found may be a false positive, worth double checking

DarkTuring ( 2016-10-06 06:23:41 +0300 )edit

@DarkTuring i just did these tests and my results are:

  • CVE-2014-6271: not vulnerable
  • CVE-2014-7169: not vulnerable

i checked with fingerterm and sfos v2.0.2.51 - i dont know if things are different using aliendalvik, since you checked with an android app. so why dont you check with your version native - and maybe you use an android shell(?) and try again there....

misc11 ( 2016-10-06 22:33:40 +0300 )edit

@DarkTuring all the other test resulted in not vulnerable too (native)

misc11 ( 2016-10-06 22:40:31 +0300 )edit

misc11 see updated photo above, am i supposed to do something different?

DarkTuring ( 2016-10-06 22:51:31 +0300 )edit