[10365] in bugtraq
Re: Buffer overflow in BASH
daemon@ATHENA.MIT.EDU (Peter J. Holzer)
Tue Apr 27 13:15:52 1999
Mail-Followup-To: BUGTRAQ@NETSPACE.ORG
Mime-Version: 1.0
Content-Type: multipart/signed; boundary=RwGu8mu1E+uYXPWP; micalg=pgp-md5;
protocol="application/pgp-signature"
Message-Id: <19990427163815.G7796@wsr.ac.at>
Date: Tue, 27 Apr 1999 16:38:15 +0200
Reply-To: "Peter J. Holzer" <hjp@WSR.AC.AT>
From: "Peter J. Holzer" <hjp@WSR.AC.AT>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <00e201be8a96$b3539780$e50984a9@telecom.idt.net>; from Adam D.
McKenna on Mon, Apr 19, 1999 at 02:59:06PM -0400
--RwGu8mu1E+uYXPWP
Content-Type: text/plain; charset=us-ascii
On 1999-04-19 14:59:06 -0400, Adam D. McKenna wrote:
> I really don't see the point of people posting bash bugs here.
> Especially not bugs in old versions. There are a lot of bash bugs, you
> can't gain any extra priveleges by exploiting them though.
You can, if you can trigger the bug in a script which is not running
with your privileges - suid and cgi scripts are obvious examples.
So, posting bash bug reports at least reminds people that using
bash - especially old versions - for such scripts is not a good idea.
hp
--
_ | Peter J. Holzer | Where do you want your keys
|_|_) | Sysadmin WSR / Obmann LUGA | to go today?
| | | hjp@wsr.ac.at | -- Tom Perrine <tep@SDSC.EDU>
__/ | http://wsrx.wsr.ac.at/~hjp/ | on bugtraq 1999-04-20
--RwGu8mu1E+uYXPWP
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
iQDQAwUBNyXL11LjemazOuKpAQGuOgXSAspM+uQI82xOlqzGWMZYID1a+lQQP0vz
qRtr6UCaljhuZHwkmmf2Vh2gawvQUT97YA22boLtmPD4GutaXqxDatloOz5tIEg3
xfdyAhip0BaTkk3BC4/BoKTFBrZzAF6Qqoj664IKmK7ct3BADe0U1m7i9Ab6rVzN
Nz1TqM3PqihfYwbs1LtDbdp7Z+eLAhAZd2Pr4BuHWv9rz4JLS5rtfeNjENDngjWI
1LFD1FftiiTF/+yCPQsQSnmRFw==
=U3VK
-----END PGP SIGNATURE-----
--RwGu8mu1E+uYXPWP--
