[1096] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] bash security hole

daemon@ATHENA.MIT.EDU (Nathan Bailey)
Tue Aug 27 13:12:25 1996

To: Jonathan Larmour <JLarmour@origin-at.co.uk>
cc: linux-security@tarsier.cv.nrao.edu
From: Nathan Bailey <Nathan.Bailey@cc.monash.edu.au>
Reply-To: Nathan.Bailey@cc.monash.edu.au
In-reply-to: Message from JLarmour@origin-at.co.uk of 96-Aug-25 22:46:48,
            <1.5.4.16.19960825214648.274f5e60@gatekeeper> 
Date: Tue, 27 Aug 96 14:21:44 +1000

Jonathan Larmour <JLarmour@origin-at.co.uk> wrote:
>At 21:55 22/08/96 -0500, Runar Jensen wrote:
>Just to clarify this, the way I found that I _was_ vulnerable, was with
>this. NB copy the quoting exactly:
>
>bash -c "`/bin/echo 'ls -al\377who'`"
>
>However, note that the bit after the \377 is run the _next_ time you run the
>command, so you need to run it _twice_. Hopefully this will help people who
>incorrectly believe they are not vulnerable.

I'm really not sure I understand what you mean by "running it twice",
but to exploit the vulnerability on our systems you need to put in the
preceeding 0, ie.:
bash -c "`/bin/echo 'ls -al\0377who'`"

You example above produces an error from ls for me, but the second
case works fine.

Nate

home help back first fref pref prev next nref lref last post